FlyerTalk Forums - View Single Post - Household account hacked and Avios stolen
Nov 13, 2015, 12:58 pm | #37
chp
Join Date: Mar 2013
Programs: BAEC Silver
Posts: 55
Originally Posted by EsherFlyer
I'll also add random facts that may or may not be factual...

HTTPS only tells you that the data will be encrypted to wherever it is going. If the end URL has been redirected (easily done in a cafe or hotel) or spoofed (slight misspelling for example) then you may end up with a secure connection to an attacker's server. By looking at the encryption certificate from the other end (typically a padlock, key, etc. on the address bar) you can see who it was issued to and by. Typically you want something like British Airways and Verisign. Verisign and other trusted root parties are typically known by the browser and will get a green light. Red bits mean something is wrong. And check it isn't British Airlines, British Airwares, etc. that were set up for a scam and went and got a valid certificate for themselves.
Actually HTTPS doesn't necessarily guarantee end-to-end encryption, as it is theoretically possible to negotiate a "null" encryption cipher, although this wouldn't (shouldn't!) be supported by any remotely modern web server. HTTPS does also provide some authentication as to the identity of the website on the other end. Basically your browser will check that the website name you are accessing matches the name embedded in the signed security certificate presented to it by the website, so if you are trying to access a page on ba.com via HTTPS and are somehow redirected to a different website pretending to be ba.com then your browser would flag this up.

As EsherFlyer says, however, this alert won't be raised if you or your browser have been somehow manipulated to deliberately try to access a web page on an imposter website, e.g. "britishairwaves.com". If your browser thinks it is trying to access "britishairwaves.com" via HTTPS, and that is the name on the certificate it receives, then it will be happy.

The need to stop this manipulation is why the main BA page (or indeed any page that contains the login form) needs to be served over HTTPS to be properly secure. At present it isn't, and because of this it is feasible for an evildoer to change the main page so that the login data is sent to "britishairwaves.com". If the evildoer has the appropriate certificate for "britishairwaves.com" then they will even be able to do this over HTTPS without an alert being raised.

tl;dr - The main ba.com webpage (and any other page containing a form that lets you login) should be served over HTTPS. Just submitting the form data to an HTTPS URL from a non-HTTPS page isn't sufficient to protect against manipulation and redirection.
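The two points made in the post above, as an added example that is not part of the FlyerTalk thread or any British Airways code: first, the name check a browser performs against a certificate (the page says the browser compares the URL's hostname with the name embedded in the certificate; this implements that comparison over a list of DNS names, with the single left-most wildcard label that RFC 6125 allows); second, an audit of a login page that reports the situation the post describes as insufficient, a form posting to an HTTPS URL from a page that was itself served over plain HTTP. The certificates, the HTML and the host names are constructed for the example; nothing is fetched from the network.

```python
"""Added example: browser-style hostname matching plus a login-form audit.

Both inputs are constructed here (no real certificates, no live pages).
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


def hostname_matches_cert(hostname, san_dns_names):
    """Return True if hostname matches one of the certificate's DNS names.

    Mirrors what a browser does: exact match, or a wildcard that replaces
    only the whole left-most label ('*.example.com' matches 'www.example.com'
    but not 'example.com' or 'a.b.example.com').
    """
    host = hostname.lower().rstrip(".")
    for pattern in san_dns_names:
        pattern = pattern.lower().rstrip(".")
        if pattern == host:
            return True
        if pattern.startswith("*.") and "*" not in pattern[2:]:
            host_labels = host.split(".")
            pat_labels = pattern.split(".")
            if len(host_labels) == len(pat_labels) and host_labels[1:] == pat_labels[1:]:
                return True
    return False


class _FormFinder(HTMLParser):
    """Collect each <form> action and whether it contains a password field."""

    def __init__(self):
        super().__init__()
        self.in_form = False
        self.forms = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.in_form = True
            self.forms.append({"action": a.get("action") or "", "password": False})
        elif tag == "input" and self.in_form and (a.get("type") or "").lower() == "password":
            self.forms[-1]["password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self.in_form = False


def audit_login_page(page_url, html):
    """Return (resolved form action, verdict) for every form with a password field.

    The page's own scheme is checked first: if the page arrived over HTTP,
    the form target is untrustworthy no matter where it points, because the
    page could have been rewritten in transit.
    """
    finder = _FormFinder()
    finder.feed(html)
    page = urlparse(page_url)
    findings = []
    for form in finder.forms:
        if not form["password"]:
            continue
        action = urlparse(urljoin(page_url, form["action"]))
        if page.scheme != "https":
            verdict = "INSECURE: login page served over HTTP, form target can be rewritten in transit"
        elif action.scheme != "https":
            verdict = "INSECURE: credentials would be posted over plain HTTP"
        elif action.hostname != page.hostname:
            verdict = "REVIEW: form posts to a different host than the page"
        else:
            verdict = "OK: page and form target both HTTPS on the same host"
        findings.append((action.geturl(), verdict))
    return findings


# Constructed sample pages (hypothetical markup, not BA's real site).
GENUINE_HTML = """
<html><body>
<form action="https://www.ba.com/login" method="post">
  <input type="text" name="user">
  <input type="password" name="pw">
</form>
</body></html>
"""

# Same page after the tampering the post describes: the action now points at
# a look-alike host. Constructed name, used only to illustrate the check.
TAMPERED_HTML = GENUINE_HTML.replace("https://www.ba.com/login",
                                     "https://www.britishairwaves.com/login")

if __name__ == "__main__":
    print(hostname_matches_cert("www.ba.com", ["ba.com", "www.ba.com"]))
    print(audit_login_page("http://www.ba.com/", GENUINE_HTML))
    print(audit_login_page("https://www.ba.com/", GENUINE_HTML))
    print(audit_login_page("https://www.ba.com/", TAMPERED_HTML))
```

The first audit call is the case the post argues against: the form action is a perfectly good HTTPS URL, yet the page it sits on came over HTTP, so the verdict is INSECURE regardless of the action. Only when the page itself is HTTPS does the form target become meaningful to inspect.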