Using HTTPS does two things: it encrypts the data being sent between the browser and the web server so that no one can listen in, and it verifies that you're actually connecting to your web server (that someone hasn't manipulated DNS so that you think you're getting your web server but you're actually getting an evil server that wants to steal your passwords or whatever).

When you pay a registrar for a certificate, you're paying for the second purpose, so that when a user connects to your web site foo.com they know, by virtue of the registrar's certificate, that they're getting your foo.com, not someone pretending to be foo.com.

However, if all you want is for you to be able to connect to your web site securely, you don't need to pay for a certificate. You can create your own certificate (this is called a "self signed certificate", because you sign it yourself, instead of having a registrar sign it). When you connect to your web site which has a self signed certificate, your browser will put up a big warning message saying that it can't verify the certificate itself, and so doesn't know if you have connected to the right server. However, you can look at the certificate and check that it's your certificate, even though the browser doesn't know if the certificate is valid. And the data between the browser and the web site will be encrypted just the same.

On the other hand, I've heard that you can get a certificate from a cheap registrar for a little at $15/year, so if you want other people to be able to connect to your site using HTTPS without getting the browser warning, that's no big deal.

I am in the process of buying a "slice" from slicehost and setting up real website (my first time). Local8080 is getting dry as I can't show anyone the awesome things I am doing in arc!