An announcement was made by Google in September of 2016 that Google will mark all pages containing fields, password, and credit card input fields as not secure. Unlike some internet articles who are speculating that all pages now appear to be insecure if they do not have an SSL Certificate installed, Google clearly states this in their announcements that pages that transmit critical data will bring up the alert warning, especially ones that are transmitting critical information such as password and credit card information. ‘Google Search Console’ also warn’s that all forms that are not secured by an SSL certificate will display the error message. And rightfully so, it is critical that transmitted messages be encryption to protect all data. We always recommend site visitors to stir away from websites that do not use the HTTPS protocols to transmit data.

However, it is probably a good idea that an SSL certificate is installed site-wide, to secure all data transmitted between a site visitor and ensuring all forms within the website are using a secure method of transmitting data.

Sourced from google article:
“Not Secure warning is not displayed for your pages, you must ensure that all forms containing elements <input type=”password” />and any inputs detected as credit card fields are present only on secure origins. This means that the top-level page must be HTTPS and, if the input is in an iframe, that iframe must also be served over HTTPS”

Source link: https://developers.google.com/web/updates/2016/10/avoid-not-secure-warn

Therefore it is vital that all websites that use any type of data transmission use an encrypted SSL certificate.