Secure against some threats. In the case of HTTPS, it’s against someone spying on the wire, and a site impersonating the desired site. HTTPS doesn’t protect you from the site itself.

Same with other security and privacy measures. None of them protects against everything, each protects against some specific threats.

When you leave your house people can see you and what your wearing where your going, but once you get in a taxi, bus, train, then it’s much harder for anyone other than the transport provider to track you – but they know where you going etc.

Because that’s a different kind of tracking.

When you use Facebook and agree to their terms and conditions, you agree to them gathering data on you. There is an agreement between you two.

But https Prevents some other third party that you have no agreement with from stealing data that you’ve only agreed for Facebook to track 

I regularly use the analogy of physical mail. HTTPS does ensure that a mailman carrying your package is not able to read it. But it does not ensure that the party at the other end(Which is required to open it in order to read it at all) does not abuse the knowledge gained from receiving your package.

There is this friend you have at kindergarten and you share your toys secretly.
No one else knows about your toys collection, but he knows every one of your toys and can destroy or take advantage of them if he decides to.
He can also learn your taste of toys and buy a good one for your birthday party next.

They can see who you are.
They can see who you’re talking to.
They don’t know what you’re saying.

They know u/UnconstitutionalLens was communicating with their bank, but NOT their login credentials, account values, transactions, etc.

The information is secure in transit. Once it gets there it’s on the company to keep it private or not. Http (no s) is not secure in transit. Anyone along the way who is watching can read everything.