The encryption takes place in the client though, which you can verify by looking at the client source code. I find your comparison with Facebook a bit lacking, a better one would have been by looking at the Firefox code to verify if https traffic is encrypted.