No it's not normal. Public companies normally notify NASD and use the system to distribute divvies. You assume a real risk in becoming a victim of identify theft when handing over personal info this way.
As for site security, your browser will show a small lock or similar indicator if there's a secure connection between your PC and the server. Without this, any data transmitted can easily be stolen by third-party sniffers. Once on the server, the data's security depends entirely on their employees and IT folks.
-----
"We simply attempt to be fearful when others are greedy and to be greedy only when others are fearful."
-- Warren Buffett