Just bothers me that companies can get away with this given the recent history with Sony etc getting hacked.
If you noted your order is processed inside an <iframe> element which is secured with https to https://webtix1.sundance.org/WebTixsNet/OrderFormPage.aspx?d...
so the iframe isn't ssl, and the form doesn't submit to an SSL page either.
furthermore! even if the iframe were over ssl (which it isn't), that still wouldn't be secure. since the outer page isn't over ssl, an attacker could replace the iframe with one that has the same content but points to a non-ssl page. this is why SSL is useless unless the user checks the browser SSL indicator (the green lock in the URL bar)."