That said, the current cartel-like setup of certificate authorities (protection money and everything!) makes SSL annoying and expensive if you want the browser to not have a fit. Especially for small-scale projects. But there's really no excuse for larger sites.
Works — of course — everywhere except IE6/7XP.
An alternative is to bind the user's session to their IP address, but that isn't foolproof either because of NAT, DHCP and certain big ISPs that tend to change IPs on the fly.
What cost-effective solution would you suggest?
Regarding IPs, there's a bigger issue here. People are used to being able to shut their laptop at home and open it back up at work without having to re-authenticate all their browser tabs. If you filter by IP this breaks. SSL requires no changes to user behavior.
It would make it harder to troll an open network for random victims, and wouldn't annoy the user.
Perhaps a hash based on something like this: https://panopticlick.eff.org/
Then the next version of this plugin just spoofs all of those parameters as well.
The only solution is SSL and client certificates.
In the case of being on the same network.
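The IP-binding approach from the reply above, and the same-network caveat, as an added example that is not part of the original thread; the in-memory session store, the addresses and the function names are constructed for illustration:

```python
# Added example: session-to-IP binding as described in the thread above
# (not code from the original discussion). Illustrates the failure modes the
# replies raise: a legitimate user whose address changes is rejected, while
# someone behind the same NAT presents the same address and is accepted.
import hmac
import secrets

# Constructed in-memory session store: token -> {user, ip bound at login}
_SESSIONS = {}

def create_session(user: str, client_ip: str) -> str:
    """Issue a session token and bind it to the address seen at login."""
    token = secrets.token_hex(16)
    _SESSIONS[token] = {"user": user, "ip": client_ip}
    return token

def validate_session(token: str, client_ip: str) -> str:
    """Return 'ok', 'ip-mismatch' or 'unknown-token'.

    A token presented from a different address is rejected: that is the
    protection IP binding offers against a cookie captured elsewhere, and
    it is also what logs a user out after a DHCP lease change."""
    session = _SESSIONS.get(token)
    if session is None:
        return "unknown-token"
    # Constant-time compare so the check itself leaks nothing about the bound IP
    if not hmac.compare_digest(session["ip"].encode(), client_ip.encode()):
        return "ip-mismatch"
    return "ok"

def scenario() -> dict:
    """Walk through the cases raised in the thread (constructed addresses)."""
    token = create_session("alice", "203.0.113.10")
    return {
        # Same user, same address: accepted.
        "same_address": validate_session(token, "203.0.113.10"),
        # Laptop moved from home to the office, or DHCP handed out a new
        # lease: the legitimate user is logged out of every tab.
        "address_changed": validate_session(token, "198.51.100.7"),
        # Token replayed from behind the same NAT (the 'same network' case):
        # it arrives from the same public address, so the check passes.
        "same_nat_replay": validate_session(token, "203.0.113.10"),
        # A token that was never issued does not match the store.
        "unknown_token": validate_session("0" * 32, "203.0.113.10"),
    }
```

The `same_nat_replay` result is the point of the "same network" reply: IP binding cannot tell two clients behind one NAT apart, which is why the thread concludes the session cookie itself must be protected by SSL.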
In general, it's a negligible cost; it adds a very minor delay compared to latency / transfer time, and uses CPU otherwise highly unlikely to be pegged. If you're pushing threading limits / CPU usage limits, you're probably inches from needing new hardware anyway, and SSL should be considered part of the cost of running a web server.
It's gotta be SSL all the time.
Looks like a great idea, but how do they prevent the man-in-the-middle from impersonating a network notary?
EDIT: I searched and it's actually http://cert.startcom.org/.
AFAIK this is common to all certs (free or otherwise). You need a separate one for each subdomain (including www).
I admire their model of only charging for operations which require human intervention, like identity validation, but handing over that degree of documentation for that amount of time requires a lot of trust, not just of the company as it currently exists, but as it will exist in the far future.
If there was a way to validate organizations which wasn't layered on top of an earlier validation of an individual, or if their decentralized web-of-trust was usable for class 2/wildcard certs, I'd be a big fan.
As it is, there's no reason not to use Start for class 1, single-domain certs, for which the validation is automated and reasonable.
For instance, from Verisign: a 1 year Microsoft code signing certificate starts at $499. A top-of-the-line (from their main pages) web certificate for a single server for one year: $1499.
Edit: it would figure the links don't work. Just go to www.verisign.com and those are a couple of clicks from the front page.