> So the only thing https can hide is the content, such as a credit card or password that you enter into the site.
TLS is not only for hiding the content, it's also for authentication: it ensures that no malicious middle party can modify the content, for instance to inject malicious Javascript (for an example of this happening, read about the "Great Cannon" attack on GitHub).
TLS is not only for hiding the content, it's also for authentication: it ensures that no malicious middle party can modify the content, for instance to inject malicious Javascript (for an example of this happening, read about the "Great Cannon" attack on GitHub).