gravatar.com offers its images both via http and https (see http://en.gravatar.com/site/implement/images/ and search for "Secure requests"). For a Q2A site that's reachable via https it would be better if the gravatar image URLs were using the https method as well. Otherwise browsers will complain that the site uses both secure and unsecure resources due to the <IMG> resources.
The links to the gravatar.com site itself can remain http links as they're not resources that the browser loads.
One possibility is to make the gravatar base URL configurable. It would be even cooler if Q2A would make that decision itself based on the URL that was used for accessing Q2A.
For me the workaround was to change the base URL in qa-include/qa-app-format.php from "'<IMG SRC="http://www.gravatar.com/avatar/'" to "'<IMG SRC="https://secure.gravatar.com/avatar/'". This is OK with me as I'm only running via https. However, it would be nice if I wouldn't have to maintain such a patch myself :)
Thanks for the great work in this program!