The point of encrypting something that gets decrypted midway by an organization is that there are worse actors than the organization out there. I'm not really scared of Steam abusing my credit card info, but I am afraid of random internet strangers.
Also remember that https doesn't just protect your data, it also verifies that you're actually on the website you think you are. The internet is basically unusable without this guarantee, especially on a network you share with others.
Right, but the original mail from FDO basically said "we know about these examples of bad behavior, we want to notify you that they are definitely unacceptable and we expect to never see something like it again". And Vaxry had a meltdown over that. Among other things, he doesn't get why he should be held accountable for behaviors outside FDO. He has also rejected and commented negatively on the idea of any code of conduct at all for his project. Vaxry is making it as clear as possible that he will make zero commitment to oppose toxicity in his community and people took his word for it. The idea that he was punished solely for a couple of comments that happened years ago and are definitely "fixed" is Vaxry's own misleading interpretation.