It's not "unsecured." The problem with the site is that the name on the certificate (*.ipower.com) does not match his domain name (http://www.discgolfvalues.com). Not sure why he's using this certificate, but technically speaking your session is still encrypted with a certificate, just one that isn't properly used. He should have a certificate assigned to http://www.discgolfvalues.com. That said, there is still a potential (as unlikely as I think it is in this situation) for a man-in-the-middle attack because of this site.
Basically, iPower is a company that does a bunch of stuff, website hosting, domain registration, etc. Just like GoDaddy. In this case, they also issue SSL Certificates (like the one that's invalid). My guess is that one of two things happened. The most likely is that DGC imported the issuing Certificate Authority as the actual certificate (instead of the certificate they need), and that they actually have a http://www.dgv.com certificate, just not installed properly. The other is that somehow iPower hosting overwrote the certificate that was assigned to the site, as *.ipower.com isn't a certificate that is typically readily available (and not typically used as an Intermediate CA's name...).
All this junk to say, the connection is still secured (with a 2048-bit cert, that's good), the certificate is just untrusted. DGV should really look into this problem though, as, like we're seeing, it creates a lot of mistrust over a site, especially one you're putting CC info into possibly.