Welcome to WebmasterWorld Guest from 126.96.36.199
Forum Moderators: open
I'm assuming you have a good reason for insisting that the forms live on your server, and that you have SSL/secure cert set up properly, and that you have in place a post-processing script to do whatever it is you're going to do with the forms.
It would definitely raise some red flags for me, if someone I hired wanted to present a secure form that way. Is it possible you can get an explanation of their reasoning for having done it that way in the first place? Did they just not know any better?
My only thinking is that they don't know how to do server side scripting and had planned to "pass it off" to a form processing service somewhere out there on the web. A pop up window would "hide" this, for the most part. I know, a real reach, but can't imagine why else they would do this.