I think this is beneath you but I'll ask:
Are you calling the JS file with http:// in the src?
If not then there must be something coming from fonts.com. Looks like there is no problem with ssl:
http://www.fonts.com/support/faq/using-web-fonts-with-ssl
If you need to detect whether https is on in a template, I believe you can use {$current_protocol}.