It is highly recommended these days to run the entire site on TLS (https that is) if possible.

The overhead concern is a thing of the past, it is no longer an issue with the newer TLS protocols, because it is now maintaining sessions, and even caching them for reuse if the client drops the connection. In the old days this was not the case. Which means that today, the only time you have to do public-key crypto(the type that is cpu heavy) is when establishing the connection. So there isn’t really any drawbacks when you have a cert anyway. This means that you won’t have to send people back and forth between http and https, and the customers will always see the lock sign in their browser.

Extra attention has been drawn to this subject after the release of Firesheep. As you might’ve heard Firesheep is a Firefox addon that let’s you easily (if you are both using the same open wifi network) highjack other people’s sessions on sites like Facebook, Twitter etc. This works because those sites only use TLS selectively, and this would not be a problem for them if TLS was enabled site-wide.

So, in conclusion, the cons (such as added CPU use) are negligible with the state of current technology, and the pros are clear, so serve all content via SSL/TLS! It’s the way to go these days.

Edit: As mentioned in other answers, another problem with serving some of a site’s content (like images) without SSL/TLS, is that customers/users will get a very annoying “unsecure content on secure page” message.

Also, as stated by thirtydot, you should redirect people to the https site. And you can even enable the flag that makes your server deny non-ssl connections.

Another edit: As pointed out in a comment below, remember that SSL/TLS isn’t the only solution to all your site’s security needs, there is still a lot of other considerations, but it does solve a few security issues for the users, and solves them well (Even though there are ways to do a man-in-the-middle, even with SSL/TLS)