The only thing I can think of to start a second update site and have all new update checks go to that, but that would require maintaining two sites. Is there a better option?
That's the only way to do it. We still recommend *not* using update encryption. Use HTTPS or properly limit your updates on a per-user basis.