The client's calls to the rmiregistry would not use SSL, so they would not be "secure", but all such a call contains is a request for a stub to the server. Once the client needs to talk to the server, SSL-wrapped sockets are used for all the calls. The document "Implementing a Custom RMI Socket Factory" on Sun's site gives specifics on how to do this.
If you want both SSL and non-SSL RMI objects in the same registry, this is the approach to use. It provides security if all you're worried about is someone packet sniffing sensitive information from client/server communication. However, spoofing is still possible (i.e., the initial registry request is intercepted and someone returns a "hacked" server implementation). You may not be worried about spoofing, however, because it is much less likely to happen than packet sniffing.
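The arrangement described above, as an added example that is not from the original text: one plain registry holding an SSL-exported object next to a plain one. It uses the JDK's built-in `javax.rmi.ssl` factories rather than a hand-written custom factory; the class, interface and binding names are hypothetical, and the key store and trust store paths are placeholders you must supply.

```java
import java.rmi.Remote;
import java.rmi.RemoteException;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.rmi.server.UnicastRemoteObject;
import javax.rmi.ssl.SslRMIClientSocketFactory;
import javax.rmi.ssl.SslRMIServerSocketFactory;

// Assumption: run with a key store and trust store already configured, e.g.
//   java -Djavax.net.ssl.keyStore=<keystore> -Djavax.net.ssl.keyStorePassword=<password> \
//        -Djavax.net.ssl.trustStore=<truststore> MixedRegistryDemo
public class MixedRegistryDemo {
    // Hypothetical remote interface used only for this example.
    public interface Echo extends Remote {
        String echo(String msg) throws RemoteException;
    }

    static class EchoImpl implements Echo {
        private final String label;
        EchoImpl(String label) { this.label = label; }
        public String echo(String msg) { return label + ": " + msg; }
    }

    public static void main(String[] args) throws Exception {
        // Plain registry: bind and lookup traffic is NOT protected by SSL.
        Registry registry = LocateRegistry.createRegistry(1099);

        // SSL object: the stub carries the SSL client socket factory, so every
        // method call made through it uses an SSL-wrapped socket.
        EchoImpl secureImpl = new EchoImpl("ssl");
        Echo secureStub = (Echo) UnicastRemoteObject.exportObject(
                secureImpl, 0,
                new SslRMIClientSocketFactory(),
                new SslRMIServerSocketFactory());
        registry.rebind("EchoSecure", secureStub);

        // Non-SSL object in the same registry, exported with default sockets.
        EchoImpl plainImpl = new EchoImpl("plain");
        Echo plainStub = (Echo) UnicastRemoteObject.exportObject(plainImpl, 0);
        registry.rebind("EchoPlain", plainStub);

        // Client side: the lookups are unencrypted; only the first call is SSL.
        Registry client = LocateRegistry.getRegistry("localhost", 1099);
        System.out.println(((Echo) client.lookup("EchoSecure")).echo("hello"));
        System.out.println(((Echo) client.lookup("EchoPlain")).echo("hello"));
        System.exit(0); // exported objects keep the JVM alive otherwise
    }
}
```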