This is a real problem and I don't mean to minimize it. But weak encryption is infinitely better than none,
Not when people think "It's encrypted".
Sometimes it is much better to know something is insecure and behave accordingly than to depend on a lie and get burned.
VPN technology especially is particularly abysmal: everywhere I go, customers are using PPTP, some form of challenge-response authentication over the clear or over shared keys, or using EAP methods without properly verifying trust chains. At least with secure websites we have security checkers like Qualys... if you were to run that same scanner on the TLS channel protecting authentication, it would universally fail. Even the CBC record splitting hack is explicitly disabled for backwards compatibility. I have never been on site where VPNs were deployed (both client and server configuration) properly.
many wholly unencrypted connections that are happening this very moment. I think we should prioritize getting all connections everywhere encrypted somehow.
When normal people hear the word "encrypted" what they actually hear is "secure". Nobody understands what "encrypted but insecure" means.
Lies can be worse than doing nothing. Much better to do it right in my opinion.