Payments will still work when embedded on non-secure pages, however, it is not recommended.

The form itself is served in over HTTPS in an iframe, however many users will not trust a payments page that does not visibly say the page is secure, so if you are unable to serve the page over HTTPS then you would be better of redirecting to the form directly as opposed to embedding it.