If you use Piwik for an e-commerce site, your website is most likely secure. There are some instances where it may not necessarily need to be, like if you use an off-site payment processor that actually takes credit card details on their page. But other than cases like this, your e-commerce site should be secured by a valid security certificate.
Because your e-commerce site is secure, you will need your Piwik installation to be secure also. If it is running on the same domain as your e-commerce website, you will have no worries. But if you are running the Piwik installation you use to track your e-commerce website on another server and domain, you will have to get a security certificate for your Piwik installation and have mod_ssl
installed. Otherwise, when a visitor is on a secure part of your website and this part of the Piwik code executes, there will be an issue.
var pkBaseURL = (("https:" == document.location.protocol) ? "https://YOUR_PIWIK_URL" : "http:// YOUR_PIWIK_URL...