Only the return page, after they submit the form, should have the locked key and indicate a secure transaction. The page that has the form elements does not need to appear secure.

Reason: The end-user is typing data into a form that they have downloaded to their computer. When they click the submit button, only then does sensitive information traverse the wires.

Since this is not commonly known, L A Bridge web sites usually *do* secure the form page. There is a performance penalty though, since it takes much longer to transfer encrypted data then it does insecure data.

<RANT>
For the love of God, please put absolute URLs in your path names that link from a secured page. A secure page has the https: protocol in the URL. If you have a link back to your home page that looks like this:

<A HREF="homepage.html">

...then that page is going to be encrypted when it is accessed. Not only will this slow transfer time for your users, it will not appear in your hit logs and many other forms of confussion will ensue. Always use full URLs like this:

<A HREF="http://www.myHomePage.com/homepage.html">
</RANT>

Summary: It slows download times and is not any more secure when to encrypt the form page where people type their names and credit card numbers.