
http://mayone.us/distribution-plan/ "What payment processor do you use? Are my money and information safe?

We have decided upon using Stripe as our payment processor. Stripe has offered us a very competitive rate (for which we thank them), and Stripe is compliant with PCI requirements and no sensitive data hits our servers. When you enter in your credit card information, it is not stored on the mayone.us site and goes directly to Stripe via the Stripe.js API.

Or in short: Yes, your money and info are safe."



Your money and info are absolutely not safe if they travel over http instead of https. No matter what they do with the data upon receipt.


The data sent to the Stripe API by the stripe.js code are safe, assuming you got an unmodified stripe.js and that other code was not injected into the page to sniff out the payment data you entered. All in all, your data are probably still safe but this was a definite major OOPS on their part regardless.


Originally, I was more worried because looking at just the HTML, it seemed that it was doing a straightforward post.

They are relying on the stripe.js code to abort the standard form submission and submit via SSL to Stripe's server. What you said still stands, though, and it is possible for that JS to be circumvented by design or by accident, which could cause the information to be sent over an unsecured connection where it could be intercepted.


But since the page is served over HTTP, your browser has no way to know if it got the original page (which is probably safe) or if someone modified it in transit to include malicious code.
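
An added example, not part of the thread and not mayone.us's or Stripe's code: a Python audit of a checkout page for the conditions the comments above describe (page or scripts fetched without TLS, and a form whose native submit would post card fields in plaintext if the stripe.js handler never runs). The sample URL and markup are constructed, and it assumes card inputs are marked with Stripe.js's `data-stripe` attribute.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample page (not the real mayone.us markup).
SAMPLE_URL = "http://donate.example/give"
SAMPLE_HTML = """
<form id="pay" method="post" action="/charge">
  <input name="email">
  <input name="card_number" data-stripe="number">
  <input data-stripe="cvc">
</form>
<script src="https://js.stripe.com/v2/"></script>
<script src="http://cdn.example/app.js"></script>
"""

class _Scan(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.findings = page_url, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # Where a native submit goes if the JS handler never runs.
            target = urljoin(self.page_url, a.get("action") or "")
            if urlparse(target).scheme != "https":
                self.findings.append(f"form falls back to plaintext POST: {target}")
        elif tag == "input" and "data-stripe" in a and a.get("name"):
            # Only named controls are included in a native form submission.
            self.findings.append(f"card field submitted by name: {a['name']}")
        elif tag == "script" and a.get("src"):
            src = urljoin(self.page_url, a["src"])
            if urlparse(src).scheme != "https":
                self.findings.append(f"script loaded without TLS: {src}")

def audit_payment_page(page_url, html):
    """Return a list of transport-integrity findings for a checkout page."""
    scan = _Scan(page_url)
    if urlparse(page_url).scheme != "https":
        scan.findings.append(f"page served without TLS: {page_url}")
    scan.feed(html)
    return scan.findings

if __name__ == "__main__":
    for finding in audit_payment_page(SAMPLE_URL, SAMPLE_HTML):
        print(finding)
```
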



