A secure connection makes absolutely no difference, if you log on to an internet site that pushes a keystroke logger back to you. So it came back over a secure connection? So what? You're still infected. They still get your password and go hunting on the site you typed it into for your personal data.
Visiting an infected site is a different problem, but one that is just as real. Beware of social engineering, which will attempt to convince you to install malware. If you are a Windows user, install antivirus and anti-malware packages, and set your firewall to deny any incoming connection requests. Even better, install an upgraded firewall that denies permission both inbound and outbound until you grant it. Checkpoint software's Zonealarm works like that. Keep up with all the updates.
I used to tell my kids when they were teens "To stay out of trouble, don't go where trouble is." The same is true for computing. Visit only trusted sites. If you have the moxie to learn a different operating system, don't use Windows. Windows is where most of the trouble is. More than 90% of malware targets Windows and its applications. Use LInux, OS X, BSD Unix, OpenSolaris. But keep up with the updates in these also. One caveat to even in this operating systems is to beware of applications that use windows-like scripting -- browsers and OpenOffice/LibreOffice come to mind immediately.
T. P. Donnelly
S/V Tranquility Base
1984 Islander 30 Bahama