I was recently in a discussion with one of our developers about the usage of padlock icons (not on the https link) in user interfaces.

I remember encountering the icon in lots of different situations; on sign up/log in forms, while filling out/submitting forms with sensitive data, feedback once logged in etc. I have always perceived it as trustworthy and as means to enforce the feeling of security (even though a site is https) for your users.

Our whole site is https, but his main concern with implementing it is that he perceives the icon as 'shady' and dishonest towards the user; like: "Come on, we have a padlock, you can trust us. Give us your details, now!" And that the usage of the icon would scare users.

But how does this actually differ from the padlock icon in the https links for users that don't know what it means anyway?

And what are your opinions and experiences of the padlock icon in interfaces? Yay or nay? Is it dishonest? Are there any resources I can read up on?