Users are not discerning enough to look for the padlock; they'll get taken either way. They are not the problem here.
The bigger problem with this is that the paths being requested can't be monitored by intermediary devices unless you're MITMing all outbound traffic.
It becomes impossible to tell whether a domain is simply cybersquatting or if they're up to something more sinister. '/' may return a parking page, '/login' may return a phishing page, and '/?id=c4010087800cf4e5753c80c9afbe0fe5' may be a malware callback, but as far as you can tell from your network logs all traffic to httpx://www.xn--bbox-vw5a.com is simply requesting '/'.
The percentage of people using network inspection for “good” like malware/phishing filtering is much lower than the percentage using it for bad stuff like ad/cancer tracking.
Still, I wish it was easier for me to locally MITM a single application running on my computer/phone. I find myself wanting to do this roughly every month.
The bigger problem with this is that the paths being requested can't be monitored by intermediary devices unless you're MITMing all outbound traffic.
It becomes impossible to tell whether a domain is simply cybersquatting or if they're up to something more sinister. '/' may return a parking page, '/login' may return a phishing page, and '/?id=c4010087800cf4e5753c80c9afbe0fe5' may be a malware callback, but as far as you can tell from your network logs all traffic to httpx://www.xn--bbox-vw5a.com is simply requesting '/'.