Firstly, apologies if I haven't described the issue here well or if it belongs in another forum.
For the past few years I've been engaged in a minor conflict with my professional college over their Web site: specifically, its apparent insecurity.
The organisation expects its members to pay subscriptions and certain other fees online and has an https page for that. When I go to make a payment, though, Firefox (for example; I use Chrome as well) advises me that the page is insecure (broken padlock with a warning triangle).
After much toing and froing with various administrative people I've got the following explanation from a senior IT person:
"Thank you for your email regarding the security of our website. I can assure you that our registration functions are using ssl technology. For our payment processing we also use payflowpro, the corporate side of paypal which has its own security and verifications.
"The reason you are seeing a message about the ssl on some of our pages is because there are some jquery scripts which are serving up pictures on our website, which are only using http, instead of https."
Now I have no reason to distrust the chap who sent me that explanation, but it still makes me uneasy about, for example, putting my credit card details onto such a Web page. I therefore tend to play it safe and insist on faxing payment details to a trusted recipient (or paying by direct deposit).
My question is, am I being unreasonable? Or is it just good practice to regard any Web page that throws up a Firefox alert as insecure and not to put credit card details and other confidential information up on it?
TIA for all advice.
(edited because my attempt at html didn't work so well)