No, it's more like that if I leave the front door open, it would still be more secure if the driveway was lighted up so that any inappropriate visitors would be visible.
[Analogies may be terrible, but lack of encryption is an additional factor making attacks even easier, particularly for the purpose of discovering the attack vectors.]
I'll give you the benefit of a doubt that you are arguing the general case, but I'm talking about this case specifically. If all you need to do to access the data is to just browse to a specific address, it matters not whether you need to put http or https in front of that address. No need to set up any eavesdropping devices en route. Just point your browser to the address and download the data. Transport security will not protect your data if you have no access control.
I think his point is that if you are in a Starbucks and you figure out what's on the server, all the other people with hoodies in the Starbucks now know as well.
[Analogies may be terrible, but lack of encryption is an additional factor making attacks even easier, particularly for the purpose of discovering the attack vectors.]