When a typical HTML form is POSTing data to, say some PHP code for example, how secure is the transfer? It seems to me that it's essentially putting the variables in the URI, but behinds the scenes. Is this the case, or will the data be encrypted if the protocol is HTTPS? I mean, I guess it has to be encrypted since so many forms take sensitive information. Hmm.. so what's the deal here?

Thanks in advance.

the transfer is as secure as the user's network connection.

a really good reference about the various topics that apply to this is at wikipedia (http://en.wikipedia.org/wiki/Secure_Sockets_Layer). there are a lot of references and potentially a lot of different methods to secure your data transfer. not light reading!

it can intercepted anywhere from the computer to your server.

You need an SSL certificate if you want to pass anything securely