Securing Embedded Forms

A client recently asked if it is possible to embed a secure (HTTPS) donation form on their site with an IFRAME without using HTTPS on their site. My answer was it depends but it’s not a good idea. It is possible to have an IFRAME on an insecure page (loaded over HTTP) load content from a site over HTTPS. And while a form loaded from a secure (HTTPS) host will post over an encrypted connection, it is not a secure practice.…