But if the instances also live on ec2 (which they do in the heroku case), you would still run into the issue of needing separate instances to terminate SSL on for each SSL enabled site (with the 1 IP limit). It would seem much more economical for them to terminate at the ELB level and only pay for an ELB per customer.
I guess alternatively you could leverage the funky port forwarding hack on elb and put each ssl site on a different backend port. but that just seems like a mess.