This recommendation applies to version 5.3.5 of this plugin, but the most recent version is 5.3.6. These findings may no longer be correct.
Note that this plugin appears to be a wrapper for formget.com rather than doing the work purely within WordPress
This may be a compliance issue for organisations with high data security requirements
It also means that there may be some functionality which cannot be legally tested by third-parties without permission
formget.com is loaded in an iframe over an unencrypted HTTP connection in wp-admin
formget.com assets are loaded over an unencrypted HTTP connection when displayed to the user, at least when using http:// URLs to access the site in question – this appears to switch to HTTPS when the site is accessed via https:// URLs