"Secure" against what threat model? If your threat model is a passive eavesdropper that simply reads the contents on the wire, but cannot actively change things or impersonate as another hostname, it will be secure.
While this attacker is too weak for most security use cases, it will cover many forms of passive mass surveillance by ISPs and governments, so it is quite valuable in that sense.
While this attacker is too weak for most security use cases, it will cover many forms of passive mass surveillance by ISPs and governments, so it is quite valuable in that sense.