Here’s how it works:
When you log onto a secure server it communicates with your browser for a few seconds. During this communication, it sends your browser encryption information that only it and your browser can read.
Once this encryption is set, it acts like a normal web page, except that all info coming or going is encrypted. This encryption makes it extremely difficult for any third party who would intercept the transaction to decipher it. (All this extra protection is why secure servers seem to run slower than their unsecure counterparts.)
Secure connections only protect the info as its coming and going, not when it’s just sitting on the server.
That being said, you probably have a better chance of getting ripped off by a sales clerk copying your credit card number at a department store than getting your information stolen over the Internet.
You can tell a secure site by the first part of its web address. If it starts with https:// rather than http:// it’s a secure site.