
There is a potential security flaw in their suggested HTML and JS implementation. If the user is browsing with JS turned off or the Braintree.js library doesn't load, the CC information will be submitted to the server unencrypted. You really should exclude the action attribute from the form to stop the form submitting and add the action back in after encryption.

Edit: It's not quite as bad actually; I didn't see all the code as I was on a small phone. As they exclude the name attribute from the CC inputs, they won't be included in the submission. I think it's still worth excluding the action until the form has been verified by JS to not include any unencrypted data, though.
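The guard the comment describes (only give the form its action once the fields that would actually be submitted contain no plaintext card number), as an added example that is not from the comment or from Braintree's own code. The form is modelled as a plain object so it runs outside a browser; the field names and the `ENCRYPTED_PLACEHOLDER` values are constructed.

```javascript
// Luhn check, used to recognise a plaintext card number (PAN) in a field value.
function luhnValid(digits) {
  let sum = 0, double = false;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = Number(digits[i]);
    if (double) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
    double = !double;
  }
  return sum % 10 === 0;
}

// True if the value contains a 13-19 digit Luhn-valid run (spaces/dashes ignored).
function looksLikePlaintextCard(value) {
  const runs = String(value).replace(/[\s-]/g, '').match(/\d{13,19}/g) || [];
  return runs.some(luhnValid);
}

// Mirrors browser behaviour on submit: only fields that have a name are sent,
// which is why the unnamed CC inputs in the suggested markup never leave the page.
function fieldsThatWouldBeSubmitted(form) {
  return form.fields.filter(f => f.name);
}

// Decide whether the form may be given its action attribute. Returns the action
// URL when no submitted field looks like a plaintext PAN, otherwise null plus the
// offending field names so the caller can refuse to submit.
function prepareSubmission(form, submitUrl) {
  const problems = fieldsThatWouldBeSubmitted(form)
    .filter(f => looksLikePlaintextCard(f.value))
    .map(f => f.name);
  return problems.length ? { action: null, problems } : { action: submitUrl, problems: [] };
}

// Constructed sample forms. 4111111111111111 is the standard Visa test number.
const safeForm = { fields: [
  { name: '', value: '4111 1111 1111 1111' },                    // raw PAN, no name: not sent
  { name: 'number_encrypted', value: 'ENCRYPTED_PLACEHOLDER_1' }, // constructed ciphertext
  { name: 'cvv_encrypted', value: 'ENCRYPTED_PLACEHOLDER_2' },
]};
const leakyForm = { fields: [
  { name: 'number', value: '4111-1111-1111-1111' },              // named raw PAN: would be sent
  { name: 'number_encrypted', value: 'ENCRYPTED_PLACEHOLDER_1' },
]};
```

`prepareSubmission(safeForm, '/pay')` yields the action; `prepareSubmission(leakyForm, '/pay')` yields `{ action: null, problems: ['number'] }`.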
