I think you have a good point. IMO (and I believe relating to the content students are required to learn), students should understand the concept of encryption as well as site certificates - which is what (and the only things) the padlock icon represents (to my understanding). It says the owner is who they say they are, and that the connection is encrypted - thus, the owner can correctly claim to be someone who looks very much like a someone else (“I didn’t say was Donald, I said I was DonaId” (that’s a capital “i” before the “d”)), and all the secrets you tell that someone else will travel safely between you two.
It is potentially dangerous (but easy) to simplify the padlock icon to mean “everything is safe”.
I’ll forward your suggestion to code.org staff. Thanks for the constructive feedback!