Any page called with HTTPS has its contents encrypted before
being sent to the browser, and is decrypted by the browser. So the
contents are secure during transmission.
But what about someone typing in the URL of a "secure" page.
For example, what if I entered
https://www.yourSite.com/supposedlySecurePage.cfm. If you have not
made provisions to prevent this, I will receive the page. HTTPS
does nothing to prevent this.