You are right. However, nothing is really secure. Email still operates on a store-and-forward model, where your message jumps from server to server (akin to UUCP in the 60s). Even SMTP is not secure in itself without authentication layers.
And also HTTPS is still sent as plain-text. The cert authority in itself doesn't have the keys to decode the text; it is just an authority to show the plain-text, but all along, it was plain-text.
HTTPS is not plain text. Only the initial DNS resolution is (www.google.com). Everything after that is encrypted — address, payload, etc.
The cert authority simply signs a cert saying “this public key belongs to and is controlled by the owner of this domain name”. Since we both trust the cert authority, that signature allows us to prevent MITM attacks.
From there, we can do a Diffie-Hellman key exchange and derive our secret key for encryption / decryption.
That is secure and is the backbone of the internet today. It allows all of us to send messages to an intended recipient without worrying about other parties prying into our business.
A proxy introduces an unnecessary and unvetted third party into an exchange. There is significant financial and political motivation for hijacking sessions for higher access to the chatbot & future versions of it. It is not a good pattern to make a habit of.
I am speaking from professional experience, but I am not an expert.
I used to work professionally for a cybersecurity company in the past for just 3 years; it was just a short tenure, so my views are plausible.
I have designed MITMA boxes for WiFi and HTTPS (for capturing/understanding botnets in honeypots), so I've seen how plain-text HTTPS is. (But again, I am wrong, as I am speaking from experience.)
Maybe you’re talking about some of the headers? Idk.
It doesn’t matter in any case as OpenAI released the ChatGPT official API, so the original post is irrelevant. That package will transition to the official API and should be usable.