When installing the booking form on a website that is delivered over http (non-ssl), it may seem as if the booking form is non-secure. But the booking form is in fact secured and always delivered over SSL (https://). Sirvoy is PCI compliant and so are all of our payment solutions.
But, even so, to reassure your website visitors and give a more secure experience, you will need to get an SSL certificate (https://) for your own website.
Another option is to forward the guest from your website to Sirvoy's stand alone page showing the booking form. In that way the guest will see "https://" in the browser.