HTTPS/CAcert
CAcert is the biggest of the off-brand SSL certificate authorities. They have the nice feature of being free (as in cost), and are based on a distributed trust network which is also ideologically favorable.
At the moment they're not in the default CA list for most major browsers, but are in process of being audited by Mozilla and should eventually get in. Even without this, they're better than using self-signed certificates, as it gives us protection against MitM attacks and generally makes one feel fuzzy and warm.
Wikimedia Foundation, Inc. has been set up with an organizational account. There are various team members who have access to the organizational account (brion & tomasz) and you should ask on IRC if you need a certificate signed.