I've actually read the exact opposite, that only the destination page need be in https. What would be involved with "capturing the stream from the person entering the data to the form on an http connection protocol"? Would the capturer have to have access to my system or is being on the Internet enough to pull this off?
There is absolutely NO reason to have a non HTTPS post to a HTTPS because the transaction isn't secured from the get go.
many sites post https for logins so the initial page is in the clear (and no mixed secure/non secure warnings) but that is about all i would do in such a fashion.