Slopy bug. This drove me crazy as well as my client until I found they have recently had this module installed. The module loads FB js library as HTTP only (hardcoded) which will cause insecure message on secure pages - like checkout page.... seriously....
File /skin/common_files/modules/Popup_Anywhere/js/popup.js find
and replace with
var tmp_host = (("https:" == document.location.protocol) ? "https:" :
"http:"); // added by CFL Systems to fix bug in the module
js.src = tmp_host + "//connect.facebook.net/en_US/all.js";