This is the example HTML taken directly from the BrainTree "Drop-in Payment UI".
They says that "it is eligible for SAQ A since Braintree hosts the form that captures customer payment information".
But an evil "hacker" has just changed the <script> tag to use a different URL, nothing more.
As this is insecure, you MUST test with one of these cards (I don't want any of your personal data):