You are not required to embed a payment form within an SSL secured page because all content (including payment data) processed from Cognito Forms is done so over a secure SSL connection.
It is, however, highly recommended as an additional layer of security for you and your customers. Doing so also helps ensure that users won’t receive any type of warning when trying to load SSL secured data from a non-secured page.
To learn more about this, read our article: Avoiding Security Warnings in Google Chrome