If you have authentic badges such as Verisign, McAfee, TRUSTe, etc. those badges cost money, must be earned by meeting requirements, and provide real value to both the site and it's users. You should ensure your users are clearly aware of those badges.
In most cases, I recommend displaying the trust badges prominently on the home page. They should appear above the fold so they are seen immediately upon page loading. Keep in mind many visitors will see your site and decide within 5 seconds whether to explore it further or bounce. Offering recognizable symbols which display trust goes a long way when visiting an otherwise unknown website.
There is no solid best practice the SEO community has agreed upon. If you are a well-known, trusted business then you do not necessarily need any trust badges, and if you do have them they can be displayed anywhere on your site. That is not to say the badges don't offer value, but if you are Sears, AT&T or other well-established companies, most of your visitors solidly trust your company before they ever visit your site. If you are an otherwise unknown company, then the mere presence of trust badges can be the difference between a visitor who explores your site or a fast bounce. Trust badges can also be the difference between a visitor and a sale.
With respect to nofollowing them, I see no benefit in doing such. All visible links on your page consume PR whether they are followed or not. I am confident Google understands trust badges and handles their PR flow quite well.
If you are in doubt about trust badges or any other aspect of your site design, I highly recommend A/B testing. Present your site to 50% of your users with the trust badges in one location, and then to 50% of your visitors with the badges in another location. Test for a period and then compare your analytics between the two pages. Depending on your site's traffic, you may have enough data after a day to make a determination, or it may take more then a month to get a good, solid data set.
Also be sure the trust badges are properly installed. If you click on a trust badge, an authentic screen should appear verifying your participation in the trust badge program. If the badge is not properly installed, you will just see an image and it is highly suspect the website is a fraud and misrepresenting their participation in the program.
A last point, there is a big difference between trust badges. Earning a trust badge from a recognized leading company offers value. Earning a trust badge from an unknown company has almost no value. A security seal from VeriSign or McAfee is highly valued. A security seal from Comodo or other providers is not of much value to users as most never heard of the company. It's the same idea as if you earned recognition from Consumers Reports with a "Best in Class" product award, versus if you earned recognition from Consumers Protection Agency (I just made the name up) with the same award.