I think it's important to add - or remember - that sites using SSL / TLS encryption are not always "legit" or "secure" because the connection is encrypted.

A malicious site, scam site, etc .. can use SSL / TLS certificates too. It's pretty easy now with a lot of services offering free certificates. I'm sure a lot of scam sites or phishing sites exposed here had SSL / TLS encryption enabled.

I see a lot of people on Internet thinking "Hey, there is a green padlock symbol, so it's safe to enter some personal info". It's not. You are wrong. It only means that the transmission is encrypted. But if the guy behind the site is malicious, then you are fucked as well.