I fixed this issue tonight, using the technique I described above.
It works perfectly, and while I was at it, I fixed the google tags to use the proper secure connection when the page is secure.
Lastly, because I wanted to get this important fix in sooner rather than later, I committed my Google Adwords tags. They were in the same file as the other google fixes, and I didn't want to take the time to strip them out and retest before committing. As a result, we now have Google analytics tags for page tracking, sales conversion and signup conversion (new), Adwords sales conversion (new), and Adwords signup conversion (new).
Important: To activate the secure-aware version of the google tracking tag, you need to change your analytics call from {% show_tracker %} to {% show_tracker is_secure %}. It will not blow up if you don't do this, it will just not be aware of whether the page is secure. I've already done this in the store templates.