Seems to be pretty secure, it uses an industry-standard asymmetric encryption algorithm up to 2048-bit in strength.
My concern would be over trusting a site that hasn't forked out a measly £250 for an SSL cert but still wants important enough information for it to require encryption.
It increases the number of people he can take with him should he decide to end it all.
Verisign seemed to be more expensive that Thawte when I looked, but the difference wasn't quite that significant. At $30 it becomes worth more of a punt.