As with most design topics, security and performance can often be conflicting goals. If you protect your entire CMS site with a protocol such as Secure Sockets Layer (SSL), you will certainly incur a performance penalty. To mitigate this impact, you should carefully consider which parts of your site require such security mechanisms. For example, most CMS sites will only use SSL for their login page.
If you do decide to use SSL with your CMS pages, keep in mind that any data on the page will be encrypted before it is sent across the wire. This includes both text and image data. To maximize your performance, make sure that the SSL-protected pages are light (i.e., few graphics and as little text as possible).
For more information about secure Web sites, refer to the security chapters in Part IV of this book and to article Q247658, "Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication," in the Microsoft Knowledge Base (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetch04.asp).