HTTP stands for HyperText Transport Protocol, Which is a fancy way of saying it's a protocol (a language, in a manner of speaking) for information to be passed back and forth between web servers and clients. The important thing is the letter S which makes the difference between HTTP and HTTPS.
The S stands for "Secure". If you visit a website or webpage, and look at the address in the web browser, it will likely begin with the following: http://. This means that the website is talking to your browser using the regular 'unsecure' language. In other words, it is possible for someone to "eavesdrop" on your computer's conversation with the website. If you fill out a form on the website, someone might see the information you send to that site.
If the web address begins with https://, that basically means your computer is talking to the website in a secure code that no one can eavesdrop on. eTapestry's DIY forms all begin with https:// to ensure the information your donors are submitting is safe and secure.
Many people have learned to look for the https:// before entering their credit card number into a website, but embedding a DIY form on a non-secure webpage means the URL will show http://. Is the embedded DIY form still secure if it is embed on a non-secure webpage?