Currently you can get encryption if you care to configure it, so some have crypto and some don't; but if all certs are trusted, then everybody gets compromised crypto, which isn't much better than no crypto, so it's IMHO a downgrade.
The problem is ownership and trust roots. If you don't uniquely own a domain name then you can't get a TLS cert for it from a public CA. Private CAs still work, but are challenging.
I've been exploring private-use-only domain registration at https://www.getlocalcert.net/, which is compatible with Let's Encrypt.