Maybe what you're saying is the only way. Or maybe there are some options (two options in the above comment). But whatever it is, we cannot resort to an insecure way of payment just because there is no other way.
Regardless of people lying about using Stripe or whatever processor they claim, you still don't have any guarantee that their backend system is secure and treating your credit card information properly.
You are fully responsible for the security of data on your website or otherwise in your possession. You agree to comply with all applicable state and federal laws and rules in connection with your collection, security and dissemination of any personal, financial, Card, or transaction information (defined as “Data”) on your website. You agree that at all times you shall be compliant with the Payment Card Industry Data Security Standards (PCI-DSS) and the Payment Application Data Security Standards (PA-DSS), as applicable. You agree to promptly provide us with documentation evidencing your compliance with PCI DSS and/or PA DSS if requested by us. You also agree that you will use only PCI compliant service providers in connection with the storage, or transmission of Card Data defined as a cardholder’s account number, expiration date, and CVV2. You must not store CVV2 data at any time. Information on the PCI DSS can be found on the PCI Council’s website. It is your responsibility to comply with these standards.
What this means is once you make a payment, you are at the mercy of the vendor you're making payment to. If the vendor does anything mischievous (which shouldn't be difficult at all), you're on your own. :)
Stripe maintains commercially reasonable administrative, technical and physical procedures to protect all the personal information regarding you and your customers that is stored in our servers from unauthorized access and accidental loss or modification. However, we cannot guarantee that unauthorized third parties will never be able to defeat those measures or use such personal information for improper purposes. You acknowledge that you provide this personal information regarding you and your customers at your own risk. We recommend you review our Privacy Policy, which will help you understand how we collect, use and safeguard the information you provide to us.
I think those who've received the certification are pretty much worth the trust. I don't see anything like that on the stripe.com homepage though. Ditto for paymill.com.
Sorry, looking back, my response wasn't very clear.
I didn't mean Stripe's backend, but the website owner's. Before passing the data to Stripe's API, the website owner might intentionally or unintentionally do something insecure with your details.
Meaning if you wanted to feel 100% safe with your transaction you may prefer to enter your details on Stripe's website where you trust that company and their implementation of security measures.
Unfortunately, if someone wants to try and trick a user into getting their details, there is an infinite number of ways to make their payment page look secure. Worse still, non-tech people wouldn't know to trust a company like Stripe as opposed to any other made-up company.