Even with an HTTPS connection, you will still get an untrusted warning unless your web site (the device) has a bound SSL certificate that is valid, trusted publicly etc. This can be a finicky process so make sure everything was done perfectly.
Most importantly is to get traffic flowing over the encrypted/port 443 protocol so it is not easily possible to see any data in transit. "Trusted" really means nothing if you are using this within your own environment....we have many internal web servers that do not have valid certificates as we don't need to "prove" their identity to any outside source. The traffic is still secured.
To be honest, if there is really no actual personal data flowing OVER the internet link to one of these devices, even having it encrypted is really not that big of a deal. Someone that get access to the data might see the data from the device...but really, who cares if it is just temperature data.
Example...but if you are "signing in" to the web site using an ID/password to maybe adjust settings etc...then you certainly want to force HTTPS. Using HTTP could result in someone gaining access to the credentials that were used if they are sniffing your traffic.
Also very important is to ensure that there are no open back doors/holes in their web server so someone could possibly hack into the device to gain further access to devices on your network. MOST network hacks with IoT devices occur not because someone snooped the actual traffic, but because the web server or device has known vulnerabilities.
Personally, if you only need access from specific other locations, firewall rules/access control lists which prevent anyone, other than trusted IP addresses to even see the IP address of your device is a more effective means of securing the actual device.
For example, if you only need access from work...lock your firewall so ONLY the public IP address of your work computer is permitted to see the IP address of your device/firewall port. Deny everything else.