HTTPS is basically a shield around the data that travels between your computer and another computer, preventing prying eyes from looking at what you’re sending. More importantly, HTTPS prevents someone from tampering with what you’re sending. This is the kicker. As with most things in the world of tech, HTTPS is not a silver bullet that solves all of our security woes. It’s still possible for someone to tamper with your data, but with HTTPS it requires a lot more effort. Security is all about increasing the cost of an attack to the point where it’s not feasible. In most situations, if someone wants something bad enough, they’ll find a way to get it. Certain law enforcement agencies and hackers have been incredibly creative in their approach, usually involving a healthy dose of social engineering (getting someone to do something for you).
When you’re browsing the internet, data doesn’t generally flow directly between you and the website you’re browsing. It has to make a few stops along the way, passing through other servers as it does so before being forwarded on. A great analogy for this would be the postal system. When you send a letter, it will go to a local post office where it’s sorted and forwarded on. This continues until the letter reaches a distribution centre near to you, where your friendly mail service will deliver the letter to your door.
In this analogy, using HTTP is like sending a postcard through the postal system. The message is sitting there for the world to see. Now, those of you who agree with #1 above will declare, “I don’t care who reads my message.” That’s fine and dandy, but it’s irrelevant.