Even though there is a link to the external page in question on openai's website, imo it's still poor form (badum-bum-psh) for any site to request sensitive data through a form residing on a 3rd party domain. It's one of those details that makes the hair on the back of my neck stand up.
Edit: Ok the link can be found here in part 4 of : https://openai.com/policies/privacy-policy