SSL should be employed wherever there's going to be sensitive information transmitted. This includes site configuration stuff like passwords, database connection info, sensitive paths ... basically, IMO, anytime I'm going to be typing things I don't want intercepted, I'll put it behind an SSL. And user information definitely should be, especially on the screens where they need to type a password (login screen at /user and account info screen at /user/*/edit

So yeah. I would say yes to putting admin behind a secure certificate. I would potentially even put it behind a level of HTTP authentication also (a "protected directory" in Plesk) - maybe not since I'm using Drupal now, but you can really never be too secure with your customer's and website's sensitive data.