this is a tricky one.
your basic question:
misses the over all picture of what is happening when the submit button is pressed.
the answer to the basic question is Yes, the form data is passed to the server in a secure format.
However, that does not mean that the form data is sent to the user in a secure format in the email.
When the form is posted using a page that is hosted through SSL, the form data is sent to the server in a secured format. The server process the form data and compiles it into the email message.
once the email message is complied, it is sent to the SMTP server. this is where the security chain breaks, the connection to the SMTP server no longer uses SSL, so the email message is no longer secured.
Email is inherently an insecure form of communication.
The forms action tells the form where to send the form data when the submit button is pressed.
In most cases, leaving the form action blank is correct. but is some cases, you will want to submit the data to another page.