Google wants every website to have an SSL Certificate and use the https: system (although currently, only about 2% of all websites do). Even now, Google’s browser, Chrome, actively promotes SSL sites above non-SSL sites in search listings (yes, really).
However, not all is at it seems, as some sites that Chrome will say are ‘Secure’ and seemingly have SSL certificates are not necessarily so, or even safe to visit.
The key is to check the host name in the URL in the location bar. If it looks simple – like https://www.play.google.com/blahblahblah, then all is probably well. If it looks AT ALL hinky, as in one of the examples given in this article - https://www.play.google.com-index-scure.com/blahblahblah, then it’s almost certainly an insecure ‘phishing’ site, trying to pretend to be Google Play – don’t go there! For more details see https://www.wordfence.com/blog/2017/03/chrome-secure/?utm_source=list&utm_medium=email&utm_campaign=032817.