Payments will still work when embedded on non-secure pages; however, it is not recommended.
The form itself is served in over HTTPS in an
iframe. However, many users will be wary or distrustful of a payment page that does not visibly say the page is secure.
If you are unable to serve the parent page (the page containing the embedded form) over HTTPS, then you would be better off redirecting to the form directly as opposed to embedding it.