While this is less secure than a verified certificate, it still avoids plaintext on the wire and requires an active MITM to eavesdrop.