If you use the standard embed code, you do not need SSL for Marketo. If you iframe the form on a Marketo landing page, you will need SSL. If you change the form embed code to load the form script via your landing page endpoint, you will also need SSL.
The answer is more complex than just Yes/No.
Marketo always offers an SSL-secured domain, https://<Your Pod URL>.marketo.com, from which you can load embedded forms.
However, when browsers have tracking protection enabled they may prevent any communication with *.marketo.com. Even though form fills themselves don't constitute tracking, they get blocked in the same way.
As a result, the strong recommendation for a while has been to use a custom Landing Page domain instead of the *.marketo.com domain. And in order for that to work from SSL sites, the LP domain needs to be secure as well (you need to enroll in Marketo's SSL service).
Furthermore, due to recent changes in Safari, we are no longer recommending that you use the Primary LP Domain, but rather that you register a secondary Domain Alias to load forms. So if your Primary LP Domain is pages.example.com, use pages.example2.info as your forms domain.