You can do that. You need a separate login domain, with its own server and SSL cert. The cat videos can go through the main domain and CDN.
HTTPS security seems to be going downhill where it matters. "wellsfargo.com" not only has just a cheezy "domain validated only" SSL cert, but their "sign up for online access" link redirects to "https://adfarm.mediaplex.com". Bank of America used to run the secure pages through "secure.bankofamerica.com" from their own servers. Now everything comes from one domain, and it's front-ended by an Akamai service.
Is it really new? People have always outsourced hosting. Complaining that CloudFlare or Akamai have access to an SSL cert makes as much sense to me as complaining that RackSpace has access to it, when someone was hosting their stuff in their datacenters.
HTTPS security seems to be going downhill where it matters. "wellsfargo.com" not only has just a cheezy "domain validated only" SSL cert, but their "sign up for online access" link redirects to "https://adfarm.mediaplex.com". Bank of America used to run the secure pages through "secure.bankofamerica.com" from their own servers. Now everything comes from one domain, and it's front-ended by an Akamai service.