This is the example HTML taken directly from the WorldPay "Template Form".
They recommend this method if:
But an evil "hacker" has just changed the <script> tag to use a different URL, nothing more.
As this is insecure, you MUST test with one of these cards (I don't want any of your personal data):