Node-Red TLS connection

Hello. I’m a beginner. I want to develop a fully secure IOT system.
I configured a device to connect to hivemq cloud broker with server certificate.
I saw some people connecting Node-Red to hivemq without server certificate, just using port 8883 and authorizing secure connection. But connecting without server certificate is safe?
Also, would I need to configure Node-Red for https instead of the default http?
Thanks.