They will be able to view the public certificate but will not be able to sign or decrypt anything because they do not have the corresponding private key, which is never sent over the wire.
HTTPS protects against MITM attacks.
When the owner of the domain originally obtained a certificate, the obtained signed attestation from a trusted provider that they were able to field requests to that domain. Those requests can come from anywhere and are not possible to MITM. This attestation pertains to a public key/private key pair.
An unsecured network doesn’t help an attacker gain your TOTP and password unless you’re using a website without HTTPS or that otherwise messes up by putting the credentials as query parameters.
The most an attacker might be able to view is the addresses of the sites you are connecting to.
Because the price paid is somewhat less than the value derived. You might have been willing to pay him $110 and he might have been willing to walk away with $90. But regardless of whether you settle on a rate of $90 or $110 or split the difference at $100, a $20 positive sum is created.
You mention competitive markets, where surplus is reduced or almost eliminated. But most markets do not reach such a late stage level of optimization.
Free time isn’t zero sum. An accountant and a plumber can create free time by trading services. If it would take a plumber five hours to file his taxes, he could instead fix the tax accountant’s sink in one hour in exchange for the tax accountant filing his taxes. Assuming the tax accountant can do so in one hour and would have taken five hours to fix his own sink, both profit by reclaiming four hours of time.