The development version of DoJo included with the current packaged 4.1 release contains DoJo bug #550 (http://trac.dojotoolkit.org/ticket/550). IE shows a mixed-content warning loading DoJo from a page accessed via HTTPS.
DoJo 3.1 has this problem fixed, even though the above issue doesn't indicate it.
However, when I tried pointing my @Shell component to a DoJo source directory containing the dojo-0.3.1-widget package (and modifying the dojo.js to require packages not packaged in the T4.1 dojo.js), I get no widget prompt with validation errors on form submit. Form submit fails, and the dojo and tapestry JS objects appear to be defined and complete, but I get no feedback.
When I leave the Shell component to it's default parameters, I get the IE warning, but if I OK the operation, then I see the validation errors prompt.
If the packaged T4.1 build contains an updated DoJo, that should work with HTTPS, but I'm still trying to figure out what's up with my configuration to use a custom DoJo source and path with @Shell.