We know that on accessing https url, we see a small padlock icon on the bottom of the browser window. I'm curious if this padlock is set by the page designer when the page is designed, or would that be added by the browser, when it accesses a HTTPS url. Please clarify.
It's set by the browser, and indicates it retrieved the page over SSL. But that does NOT mean that if you see the padlock, any form you're going to submit will be encrypted: The form could have been retrieved in a frame that was loaded over HTTP, or a form submit could go to an HTTP URL. Either way - no encryption.