Robolovsky Perhaps you are confusing two issues. SSL is required as a best practice no matter what your form is doing if you are collecting personally identifying information and it is required of the page that a third party payment gateway's iframe will appear in.
The point being made is about MackForm maintaining PCI compliance by not receiving and storing credit card data in the MachForm database. By selecting a payment gateway, a "picture in picture" payment webpage from Stripe is appearing in an iFrame inside your form in a stylistically similar manner so it looks like just one form. On submit, one set of data is sent to MackForm's database to record the transaction details, and the credit card data is sent directly to Stripe to either save for a pre-authorized cart or recurring payments, or process immediately. Once processed, Stripe reports back the payment success or failure so that that is also recorded in your database.
SSL keeps the communication between your user and your form and stripe's embedded form secure from being intercepted, the stripe gateway in an iFrame maintains PCI compliance because the MachForm form itself is not receiving data from any credit card related fields.
SImilarly, SSL helps protect your Stripe account from being hacked when you login to view sales and request payment to your bank.
Simple answer, you site needs to have an SSL certificate (some hosts provide a blanket one as part of their service.) and you need to set your form as SSL required, meaning it cannot be opened unencrypted with http:// only with https:// encryption active, and that all links to your form need to include https:// for the form to be found and opened. Test the form using a link beginning with http:// link and the link should fail or, if there is an htaccess redirect, it should catch the error, rewrite the link and automagically open the https form link in place of the http link.