Ok, so here’s the deal about http versus https, in layman’s terms:
https sites have their identity confirmed. It’s like Anne Hathaway being carded to confirm she’s really her and not just an absurdly good look-alike trying to get free drinks at the exclusive club.
Why does this matter? You’ve heard of phishing, right? When a site poses as another site to steal your password or credit card information? Right? Good. So, this poser phishing site, it can look the same, even down to the url in the address bar, thanks to super sneaky technology. This is like being an Anne Hathaway lookalike who actually changes her name to “Anne Hathaway” to fool more unsuspecting bouncers. https is our defense mechanism against this, a technical way to confirm the identity of the site you’re visiting to ensure it’s the real deal.