Today an SSL certificate seller informed me that my
site.com.br/intranet is not secure, that the correct thing would be to do
intranet.site.com.br is this true?
Does it really make a difference a subdomain versus a subfolder?
Not necessarily, it seems to me a little exaggeration of it (and even lack of knowledge, or confusion of it).
what is insecure
site.com.br/intranet page contains session cookies (or another session method) this data can be passed to
site.com.br , however it is totally possible to prevent this, for example with PHP it is possible to set the PATH of the session cookie.
Why use a subdomain
The sub-domain does not share cookies from the main site and this would theoretically make it more secure.
As I said it's not totally right and not totally wrong, it varies from how your system was created using a sub-folder doesn't really make it unsafe.
Of course he could have talked about something else that I really don't know about.