Avoided to use Ice.ElementModel object since its definition is not present in Glimmer anymore (used to be in 1.8.*). The alternative solution was to use a pseudo URL for the 'src' of the iframe. The 'javascript:...' pseudo URL allows you to define the content of the page right inside in the URL avoiding thus the need for having a reference to a blank page.
Anyway, the previous solution was way to ugly since it was drilling down inside bridge's code to lookup a variable that contained a URL. This URL was then used to calculate the context path which in turn allowed for calculating an absolute path to a blank page.....

Solution courtesy of http://weblogs.asp.net/bleroy/archive/2005/08/09/how-to-put-a-div-over-a-select-in-ie.aspx .

Seems very likely that using "JavaScript:" in the src tag will cause IE browsers to present security warning dialogs when rendering via HTTPS/SSL. For example, http://jira.icefaces.org/browse/ICE-4179.

I checked and doubled checked if the pseudo-URL of the form javascript:'<html></html>'; causes any problems. I can confirm that the pseudo-URL solution is working just fine without causing "This page contains both secure and nonsecure items" popup to appear.

Component-showcase in "compat" does get the "This page contains both secure and nonsecure items" popup but changing the iframes to point to a real URL (blank page) or pseudo URL won't make a difference. But by just re-organizing the JSF markup the alert will go away. This seems to point to a problem reported by other people on the web: http://support.microsoft.com/kb/925014 . This problem can be fixed at application level by changing the used CSS.