only use ssl on login? or whole site?

I'm currently building a web-based file upload/download hub for a company that wanted an easy way to send files to customers.

My question revolves around which parts of the site really need to be SSL encrypted. Is it good practice to only encrypt the login forms, but leave other parts of the site (like the file transfer process) unencrypted?

Some of these employees work out of foreign hotels where line-sniffers are frequent. I'm definitely going to SSL the login form just to protect someone from stealing the login info and deleting files or something. However, since the files are not sensitive (no sensitive files are ever used on this system), will the speed costs associated with SSL ever severely affect the upload/download speeds?

thanks for any input!