Tom,
We've recently added a paramter for this in acs-kernel, RestrictLoginToSSLP.
Last week, I even changed the default value for this to 1, but didn't realize that there was a bug in our code that caused it to try to redirect logins to SSL even if SSL was not installed. That's fixed now.
/Lars