We recently added a script include that referenced the google AJAX api via http instead of https. That was causing the scary message. It's been fixed now.

I agree we need to add some copy and badging to reassure the user that we store all cc information securely through our payment gateway.