As Dan blogged last Tuesday, the next release to Pivotal Tracker is going to ensure that all project pages and other pages that require logins will only be served securely (via HTTPS/SSL).
This will make Tracker more secure against session-hijacking attacks. Unfortunately, it also requires that everyone log in to Tracker again when the site comes back up after the deploy. After the release is deployed, when you leave the normal maintenance page or grey screen you'll be automatically forwarded to the Sign In page.
API access to a Tracker project will only require the use of HTTPS if the "Use HTTPS" check box in its Project Settings page is on.