Although its common to think of a secure website as the opposite of an insecure one, the choice is not, in fact, binary. For a website to be truly secure, there are about a dozen or so ducks that all need to be lined up in a row.
Seeing HTTPS does not mean that the security is well done, secure websites exist in many shades of gray. Since web browsers don’t offer a dozen visual indicators, many sites that are not particularly secure appear, to all but the most techie nerds, to be secure nonetheless. Browser vendors have dumbed things down for non-techies.
Last September, I took Apple to task for not having all their ducks in a row, writing that some of their security oversights allowed Apple websites to leak passwords.