First off, this is a TREMENDOUS plugin. I'm very impressed with the code and the end result. As everyone who posts here, I ran into an issue that I wanted to make you aware of.
Using v2.5 of the plugin, I launched a secure site today and found the browser was complaining that some content was insecure. When I went and looked in the source, I found that the call to the jquery.css for the date picker in visual-form-builder.php on line 450 is on http://ajax.googleapis.com. This was clearly the issue. The ajax.googleapis.com is available as an https call also, so if that was used instead, it would allow all users, secure site or not, to get the file and avoid this issue.
The same issue would also exist, I believe, with the calls to http://ajax.aspnetcdn.com on lines 423 and 437. That site also provides an https version that would solve this.