A method of posting HTML form data securely is provided. Some embodiments may use an existing security protocol to send the sensitive information as an encrypted challenge from a client to a server, while other embodiments may require a bidirectionally-authenticated tunnel to be created before sensitive data is transmitted. The browser displaying the HTML form may employ user interface elements, such as graphical images and/or display messages, that actively notify the user when the webpage form is not secure via bidirectional authentication.