Originally, I was more worried because looking at just the HTML, it seemed that it was doing a straightforward post.
They are relying on the stripe.js code to abort the standard form submission and submit via SSL to Stripe's server. What you said still stands though and it is possible for that JS to be circumvented by design or by accident which could cause the information to be sent over an unsecured connection where it could be intercepted.
They are relying on the stripe.js code to abort the standard form submission and submit via SSL to Stripe's server. What you said still stands though and it is possible for that JS to be circumvented by design or by accident which could cause the information to be sent over an unsecured connection where it could be intercepted.