Edit your theme replacing every occurence of http://fonts.googleapis.com/... with https://fonts.googleapis.com/... (mind the s).
Resources that might pose a security risk (such as scripts and fonts) must be loaded through a secure connection when requested in the context of a secured page for an obvious reason: they could have been manipulated along the way.