This is the process that worked for me so that Web Store can be set up to run on an insecure server until time to submit the order form. The web store and the secure server have two different urls, and in this case, you don't need multiple copies of all the files in both places:

1). Alter the file references in the your file and web_store.cgi to be absolute instead of relative, i.e.

/usr/local/etc/httpd/htdocs/insecuredomain/cgi-bin/Library

instead of ./Library

Every reference except the order script will be to files on your insecure domain.

2). In your setup file, set the variable

$sc_order_script_url = your secure server url. 

For example,

$sc_order_script_url = 
https://www.securedomain.com/cgi-bin/web_store.cgi

3). put a duplicate of the web_store.cgi script ONLY in your secure cgi-bin. You don't need libraries, or anything else...just this script. Remember, you've referenced everything else to the insecure domain.

4). Use the following hack to change buttons on the page footers in your html files:

http://www.extropia.com/hacks/vratny_secure.html