First, assuming you're using tracked links in Marketo, it's the branding domain, not Landing Page domain/aliases, that appears in your emails. So that's where security (or lack of same) is seen by the recipient's server.
Despite some FUD out there to the contrary, linking to insecure sites is not yet weighted negatively at the deliverability stage.
Linking to secure sites may add some positive weighting, but spam scoring algorithms cannot consider the presence of an SSL cert alone to mean the site is legitimate. It doesn't even cost anything to get a cert anymore (on the web in general, not speaking of Marketo!) and it's trivial to put up an entirely malicious site that happens to offer secure connections.
In addition, an http: link rendered in an email doesn't mean the connection will actually be insecure. If you run HSTS on your main domain and apply it to all subdomains, then as long as someone has visited your site before (or if you're in the HSTS preload list in browsers) then the connection will be secure from the start. So it's not a strict http=insecure, https=insecure situation anymore.
However:
- Having forms on insecure pages sounds the (visual) alarm in browsers.
- If your main site is secure and you use embedded forms, you must have secure LPs to ensure the form will render even when Tracking Protection is on.
- From the search engine standpoint -- if this matters for your LPs -- secure sites are favored over the insecure competition, all else being equal.
- Secure links look a lot more professional if you're in an industry where security is assumed. For example, a bank, whose account management app is secure, should not be sending insecure links even for marketing purposes.
.png)