
No, it's not. If a man-in-the-middle attack is possible (certainly the ISP could), then encryption without authentication is as insecure as no encryption at all. And in fact worse if the user has a false sense of security.

The MITM pretends to be the bank's server (or whatever) when talking to you, and pretends to be you when talking to the bank's server. Both channels can be encrypted, but the attacker still sees (and can modify) everything that you think you're sending directly to the bank's server.

This is the key point that most people seem to be missing here. If browsers didn't warn about self-signed certificates, the entire system would break down because an attacker could just use a self-signed cert in a MITM attack, and the user would have no idea.
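Added example, not part of the comment above: a toy unauthenticated Diffie-Hellman exchange showing that a relay in the path ends up holding both session keys, and that checking the server key against a trusted fingerprint (the role a CA-signed certificate plays) makes the handshake fail instead. The parameters, function names and fingerprint check are constructed for illustration and are not a real TLS implementation.

```python
import hashlib
import secrets

# Constructed toy group parameters, for illustration only (not a safe choice).
P = 2**127 - 1
G = 3

def keypair():
    """Return (private, public) for the toy Diffie-Hellman group."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    """Derive a symmetric key from our private value and the peer's public value."""
    return hashlib.sha256(str(pow(peer_pub, priv, P)).encode()).digest()

def fingerprint(pub):
    return hashlib.sha256(str(pub).encode()).hexdigest()

def handshake(server, intercepted, authenticate):
    """Run one exchange and return (client_key, server_key, relay_keys).

    authenticate=True models a client that already trusts the server's key
    fingerprint (assumption: delivered out of band, as a CA signature would).
    """
    s_priv, s_pub = server
    c_priv, c_pub = keypair()
    offered_to_client, offered_to_server = s_pub, c_pub
    relay_keys = None
    if intercepted:
        # The relay substitutes its own public value in both directions.
        m_priv, m_pub = keypair()
        offered_to_client = offered_to_server = m_pub
        relay_keys = (session_key(m_priv, c_pub), session_key(m_priv, s_pub))
    if authenticate and fingerprint(offered_to_client) != fingerprint(s_pub):
        raise ValueError("server key does not match trusted fingerprint")
    client_key = session_key(c_priv, offered_to_client)
    server_key = session_key(s_priv, offered_to_server)
    return client_key, server_key, relay_keys

if __name__ == "__main__":
    server = keypair()
    ck, sk, relay = handshake(server, intercepted=True, authenticate=False)
    print("relay holds both channel keys:", relay == (ck, sk))
    try:
        handshake(server, intercepted=True, authenticate=True)
    except ValueError as err:
        print("authenticated client aborts:", err)
```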



