If you're using relative links there will be nothing to cause your transport to change back.
You can try adding another security-constraint block covering the content you don't want to be secure and set the <transport-guarantee>NONE</transport-guarantee>
On the other hand, you typically don't want to switch back to non-SSL once you've gone secure, especially if you've initialized your session securely. Most web providers don't regenerate your sessionid when you switch between secure and insecure transports. Sending your sessionid over an insecure transport opens you up to session hijacking attacks.
Be careful what you wish for. You should probably just leave things the way they are.