I regularly use the analogy of physical mail. HTTPS does ensure that a mailman carrying your package is not able to read it. But it does not ensure that the party at the other end(Which is required to open it in order to read it at all) does not abuse the knowledge gained from receiving your package.