Welcome to the Q&A Forum

In my opinion there isn't really any downside to this from a Google perspective; as you said, they shouldn't even be indexed anyway. Many many vendors out there have their charge/fulfillment go straight to PayPal for example, and don't even host any checkout specific code (other than cart-building, account creation, etc.) on their site at all. There's also the case where multiple microsites will all use the same checkout on another domain, used to centralize checkouts. As far as I know these sites aren't punished either, and it definitely saves money on the secure certificates. There is however, another angle to consider, and that is the human angle. Some people (who aren't savvy about ecommerce) might be alarmed that their secure checkout is occurring on a different domain than the one they've been browsing on. This is a 'security/conversaion' rate issue though, so you may already know of it. In my opinion I would leave it alone and not bother with the iframe tricks and so on. A subdomain might be more reassuring to the user (e.g. secure.printingofrless.com instead printingforless1.com) but I honestly can't see why the current setup would have Google implications, as long as your SSL/non-SSL pages are separate and canonicalized properly.