Good day Alison,

The payment form is secure as it is iframed inside the main page.

In mobile sites the URL does not show up so for all practical purposes it goes un-noticed. The transaction is 100% secure considering the iframe is secure.

If we are to make the URL show https:// - then we have to work with each client and set up an SSL key with their domain which is not practical and set up a separate site for each client.

I hope that answers your question.