Are there security issues with embedding an HTTPS iframe on an HTTP page?
If only the iframe is https, the user cannot trivially see the URL it points to. Therefore, the source http page could be altered to point the iframe anywhere it wanted to. That's pretty much a game-over vulnerability that eliminates the advantages of https.
To fix this, look up "Frame Busting" to detect if iFrames are being used. Consider this solution on StackOverflow:
In that code, you can detect if iFrames are being used, and offer alternative content to direct the user to the proper site.
A HTTPS iframe within a page served over HTTP will not allow the user to be sure they are actually using the HTTPS connection that they expect to be; therefore, this potentially allows the iframe to be hijacked in a simple attack such as an iframe injection. This would allow password harvesting, among other things. Such an attack could begin through a Trojan, a virus, or simply visiting a malicious website.