Are you saying that you always get https image paths even when the address bar shows http?
The proper way to provide a relative path in today's browsers is //path/file.suffix. The '//' tells the browser to use whatever the active protocol of the page is for doing a GET of those items.
As with many cs-cart functions, there is more than one. You need to review the functions in app/functions/fn.images.php for which ones you want to make relative and which to remain as FQDN (fully qualified domain name) references. I.e. for an email, you would want a FQDN and for a browser you would want a relative path (with leading '//'). But cs-cart should already account for whether the browser is using SSL or not and use https as the protocol instead of http in that case so that you don't see the 'insecure content' warning on https pages.