Yes, the S matters a lot, it's not a technicality. HTTPS is HTTP with encryption added on top, and that encryption changes what's actually possible for someone snooping on the connection.
With plain HTTP, data travels between your browser and the website's server as plain text. Anyone positioned between you and the site, on public WiFi, your internet provider, someone on the same network, can potentially read everything: passwords you type, credit card numbers, what pages you're viewing. They could also tamper with the data in transit, injecting ads or malicious code into a page before it reaches you.
HTTPS adds an encryption layer (TLS) that scrambles the data before it leaves your device, so anyone intercepting it sees gibberish instead of your password or card number. It also verifies you're actually talking to the real website and not an impostor pretending to be it (this is what the site's SSL certificate does), and it confirms the data hasn't been altered in transit.
The lock icon means your browser successfully verified the site's certificate and the connection is encrypted. No lock (or a "Not Secure" warning) means none of that protection exists, anything you send is exposed. That's why browsers now actively flag HTTP sites: any page asking for a password or payment info over plain HTTP is a real risk, not just an old-fashioned setup. Most legitimate sites moved to HTTPS years ago, including ones that don't handle payments, partly because Google also ranks HTTPS sites slightly higher in search results.