In Firefox on the https://secure.goldmoney.com/
if you click on the Padlock icon at the bottom (it has a red exclamation mark on it) then it tells you the page is partially encrypted. Some of the elements are being sent unencrypted but others are not. That is probably why the Firefox bar does not change colour.
On the non-secure http://goldmoney.com
and secure https://secure.goldmoney.com/
version the form posts to a secure address (https://secure.goldm.../user/login.php
) so I think the data it sends is encrypted but has a small possibility of a man in the middle attack, but I am not an expert in security.
I also just did a packet capture on the form data (not using my real username or password of course) and it is encrypted. I have attached the capture in case anyone is interested in verifying (.txt extension to get around the upload filter but is ASCII bin file).
This is correct. It's perfectly safe. This is irresponsible scaremongering.
It is not scaremongering - there is a real threat. Anyone who can update your DNS could direct you to a page which is identical to the original, other than that the form does not submit to a secure page, instead capturing your password before displaying the real goldmoney page. Without looking at the page source there would be no visible difference. Your DNS could be changed by your ISP, and you are depending on their security measures to protect it.
Starting on the https://secure.goldmoney.com
page is safe. I am not as much concerned with this particular risk, but rather it shows a lack of security planning in general. If the original poster raised the issue and it was ignored I would be particularly concerned. The warning about the page containing insecure items is due to the google tracker on the page. Google supply a secure version which would avoid the warning that could easily be used. I am quite worried that the security issues go beyond the web frontend.