I already answered this in a previous post, above.
There is NOT a bug in zen_draw_form. The "bug" is actually a deeper core design flaw inherited from years back. The design flaw will be fixed in a future version.
The CORRECT solution for NOW is to use an https URL in HTTP_SERVER: define('HTTP_SERVER', 'https://your_domain.com');



