

Secure Ajax from Non-Secure Pages - crnixon
http://www.viget.com/extend/secure-ajax-from-non-secure-pages/

======
mike-cardwell
If a form is going to submit data over a secure channel, the page containing
the form should be retrieved over a secure channel also. Otherwise what’s to
stop somebody intercepting and modifying the pages HTML so that the form
submits the data in plain text elsewhere?

