i've the problem that some plugins aren't running while SSL is active for every site (XenRio Streams for example), so is there any option to only force the Login-Form use SSL/HTTPS, but not on other sites/(sub)pages?
Yes, but it is completely pointless as the cookie data would then be sent over an insecure connection for all other page loads, allowing someone to hijack the session.
Additionally, if the login cookie is created via SSL; XenForo marks it as secure and most sane browsers will then delete the cookie if it touches a non-SSL connection.
