Following Pomegranate's example, they were smart enough to take the form down, Mountain Fruit now has an online order form, with a credit card section, all being submitted without SSL.
I'm guessing that they decided that SSL is a goyish meshugas and that all you need is faith in Hashem who will personally protect their customers' credit cards.
Now, I'm guessing that besides the lack of SSL, all of the credit card information is either being emailed to someone or stored, unencrypted, in an easily accessible database.
On the other hand, someone stupid enough to submit credit card info online without taking the bother to notice whether the page is secure or not, deserves what they get.
I emailed Mountain Fruit regarding the "oversite" at 11:16am, let's see what happens next.