Check the source. There's a section in there named 'start login_module_shared'. Glancing through it, you can see that it's passing the login info to a https address.

<form style="display: inline; margin: 0; padding: 0;" name="logonform" id="logonform" align="center" autocomplete="off" action="https://chaseonline.chase.com/siteminderagent/forms/formpost.fcc" method="POST" onSubmit="return validateandsetcookie(document.logonform.usr_name, document.logonform.usr_password.value, document.logonform.remember.checked, '.chase.com','RBGLogon')">