We used to believe that a padlock shown in a web browser’s address bar meant that we were connected to a safe and secure web site. That’s no longer true. In fact, it never was completely true.
The padlock is shown when a web site has a security certificate installed and the connection is made using an encrypted “https” connection.
HTTPS protocol. (The letter “S” after “http” indicates a “secure” connection.) In fact, an https connection has some arguable drawbacks. Mainly, there’s virtually no barrier to anyone obtaining HTTPS certification, which has made it attractive for criminal groups hoping to add an air of authenticity to bogus sites. That little green padlock guarantees that you’re sending data encrypted, but not that the person on the receiving end has scruples.