It's not that one is insecure and therefore to be avoided, it's just that https is encrypted and even if someone goes to the trouble of intercepting all of the information that's sent between your PC and a webserver, they wouldn't be able to decipher it.
So, strictly speaking, you're right in saying that one is "secure" and one isn't where the https and the word "secure" denotes the encrypted SSL connection.