Yes, that would make it very difficult. But it would all depends I suppose on the situation.

If its just accessing ones web stats from work for example, then an SSL cert would protect your public key / wallet address from being discovered as long as you at least emptied the browser cache correctly on the work computer and kept your hashrate a secret. However if someone is 'stealth mining' at work, or in any location/country where mining is prohibited....then an SSL certificate on the stats page will not save them from their miners being discovered.

Even if a stealth miner were able to run their miners through TOR, an end to end timing attack would quickly expose which accounts on Eligius belonged to the stealth miner ( albeit a rather unlikely example ).