Short and simple: Facebook is dumb.
They still have a setting for the Page Tab (non-SSL) URL, but it's not longer used as far as I know. They will always redirect to (and require) the SSL Page Tab URL. A year or so ago, we tried to remove that setting but Facebook then wouldn't let us save the API settings at all because.. the Page Tab URL was required to be set *if* you set the Secure one. Also, at the time, an error would be thrown if you tried to set it to http.. but if you can, go right ahead.
It's probably time to revisit removing that field or just automatically setting it to the non-SSL version of your site.. since it's not used anyway.
Thanks for pointing that out
Alex