Are free SSL certificates secure?

The only reason why companies charge for SSL certificates is they put time and effort into creating the certificate and expect to be paid for their work (at a profit of course). But they don't have to charge if they don't want to just like any free provider of services can do. What matters with SSL certificates is whether the major browser makers recognize the certificate issuers as trustworthy or not. If they do the browser will display the site as secure just like it would from any other recognized provider. If they don't then any user attempting to access a web page secured by the unrecognized certificate will see a warning letting them know that the certificate is not recognized and warn them not to proceed.

So the real question is, "which free provides are recognized by the major browser makers as being authoritative"?

Have a look at Wikipedia for a good comparison of SSL services. It looks like startcom has a free SSL cert service which is recognized by IE, FF and Safari.

I suspect there are other similar services around. The main issue is to find providers which are supported by modern browsers. Having a browser warn the user that the certificate is not reliable is worse than not having a certificate at all, from the POV of conversion & sales.