Well, the good news is I think I got it working. I was changing the domain on the $current_site object as well as the $current_blog object. I noticed in the original sunrise.php it was not being changed for the $current_site object. Removed that line and remote logins appear to be working. Going to do some more testing, but things look promising.
The remote login appears to happen when the redirect occurs when you go to the front-end from the admin area based on my testing.
I am still interested to know if there is anything to worry about by performing the remote login on the non-SSL side of things. I have found a few articles regarding how the authentication cookies work and I think it should be fine, or at least no worse than things are with a default install.