The short answer is yes, SSL is required. While the Donorbox forms are SSL/TLS secured themselves, your site that hosts the form embed or the popup should also be SSL secured. There are two reasons for this:
1. If the parent site is not SSL/TLS secured, it might be susceptible to a man-in-the middle attack.
2. Your donor will be more likely to donate if they see the SSL/TLS lock seal in their browser.
The easiest way to install SSL is to contact your web host. Some web hosts such as Squarespace, WIX, and DreamHost offer free SSL. If you are just linking to your https://donorbox.org/campaign page, you do not need to install SSL because the page is fully SSL secured.
Another way to install SSL is to use CloudFlare's CDN which provides a free SSL layer. Cloudflare installation is more complicated. Please consult someone who is an expert with DNS to do this. Your site may experience downtime if Cloudflare is not configured correctly.