With this all said stigmas do exist, and it is hard to convince not technically savvy people that what ensures security is the SSL encryption and not the client technology. Many people simply won't enter their payment details anywhere else but the HTML page. We were forced to put an additional HTML page dedicated to payment solely for that reason, even though there's no logic to support that. Also, I think that if all the parts of your page come from a secure source, the situation may be different, as many modern browsers would highlight the URL in the address bar in a certain way, which may be some kind of relief for the frightened customers :)
Best. Oleg
