Thanks for poking the security. It may be fine, I do see an https in the source code at one spot, but it is more normal for the whole payment page to be https.
The same for account login and maintenance, normally those are encrypted.
The same for account login and maintenance, normally those are encrypted.