I recently had a chance to use thickbox, and I have to say it did exactly what I need to do: created a modal window with jquery and make a simple ajax call.  I spent quite a bit of time trying to track down why ie6 was giving a security warning when pulling in ajax content.  I had all the links relative.

I decided to give fiddler a try, and as I thought, I was not making a single non-https request. Everything was on 443.

After testing and retesting and checking code, I finally got the right google query in and came to this lovely page:

https://issues.apache.org/jira/browse/WICKET-855

The really important part of the whole page was this little section:

Internet Explorer shows this warning because ModalWindow uses an <iframe> tag without an 'src=' attribute.

So, I went out to the thickbox javascript code, and did a search for <iframe... sure enough, on line 36, there was an iframe tag without a src attribute.  I stuck src='://0' and voila no more security warning in ie6!!!

This was such a hassle that I hope anyone else looking around for this problem finds this page.