After updating from 6.x-1.9 to 6.x-1.11 the module is now attempting secure redirects on my dev site even though securepages_enable is set to 0 in settings.php.

A diff on the two versions leads me to think the culprit is in hook_boot