https does NOT make a website safe. http does NOT make a website unsafe.
Neither have anything to do with the safety of the server.
https simply creates a secure socket layer (SSL) in the connection between you and the server so that any data transmitted to and from is encrypted point to point.
A website with an http connection is completely safe to visit and browse unless you are exchanging critical information such as credentials, credit card info, etc.
When you visit a website it’s incorrect to think that it is a direct connection. The connection spans through several routers and switches along the way. See image.
With an http connection all the traffic between you and the server is in plain text readable format. At any point along the journey to and from the server the data packets could be intercepted (sniffed) and read. This is why you don’t purchase things, or log into, or read personal medical history from a website connection over http. For general browsing it is complete safe.
Now, when it comes to the safety of the servers you are visiting it makes no difference if the connection is http or https. If the bad guys create a malicious website the bus you take to get there makes NO difference.
This fact used to be understood. Over the last 5 years or so there has been a push to create fear if the connection is not https or if the SSL certificate is self signed. Web browsers have been updated to issue warnings that incite insecurity and incorrectly label sites that are not https or have an SSL certificate not from a certificate authority as dangerous. It’s not the sites that are dangerous per se, it’s the bad guys that could be between you and the server sniffing your credit card info or other personal information you provide.
