Last night I found this thread... I've been hunting for the solution to this problem for months. I'm a bluehost customer too, with a single SSL on my root domain and wp blog on an add-on domain, and found comfort knowing people on bluehost were in almost the exact same situation.
The setup I have is basically:
myrootdomain.ca (ssl secure)
I was hacked a couple months ago, and I think either because one of my FTP accesses was sniffed or just logging into the wordpress blog one-too-many times insecurely.
https://www.mywpblog.com caused big warnings in browsers, saying it was being misrepresented as myrootdomain.ca..
https://myrootdomain.ca/mywpblog/ would partly work, but unresolvable errors occured with logging into https://myrootdomain.ca/mywpblog/wp-admin
So finally I logged into the account using http://www.mywpblog.com/wp-admin insecurely, and found the two url fields in Settings, changed the WordPress address (URL) field to https://myrootdomain.ca/mywpblog and the miracle happened, everything works perfectly now. I don't care what the URL is for administering the site, and I don't have anyone log in to post comments, so this works for me.
Granted, there is no other WP blog in another subdirectory or on the root domain, but since myrootdomain.ca/mywpblog is the same directory as http://www.mywpblog.com, perhaps I was simply complicating things, trying to work .htaccess rewrites and such.
This may or may not help anyone, but it's a solution that has worked for me as an SSL owner on bluehost.