https does 2 things: encrypt the communication (self-signed certificates are good enough for this), and verify that the site you are connecting to is what it seem to be, because a certification authority trusted by your browser signed the certificate that that site presents, and it should had validated somehow that the site belongs to its rightful owner.
The second part is the important one in this context, because there are ways to trick your dns resolution or ip routing. The dns resolution part is mitigated with DoH (that it also uses https with certificate), but that doesn't covers everything.
It might not be so fundamental for some just browsing sites, but for the ones you send data (not just credit card info) you may run into some risks.
Self signed certificates really aren't good enough for encryption, unless you're doing TOFU before the MITM happens.
Otherwise the evil MITM can decrypt the traffic, modify/inspect it, and re-encrypt it with their own self-signed certificate, and you're none the wiser.
Maybe it would have been better if we had encrypted only form data instead and only signed websites not encrypted them like package managers do. This also would allow caching in the network.
The second part is the important one in this context, because there are ways to trick your dns resolution or ip routing. The dns resolution part is mitigated with DoH (that it also uses https with certificate), but that doesn't covers everything.
It might not be so fundamental for some just browsing sites, but for the ones you send data (not just credit card info) you may run into some risks.