> if your setup for postgres has a SSL certificate you're doing something terribly wrong to begin with.
No, that's a bad take. We should encrypt everything. The reasoning for not doing so in the past was computing power. Nowadays, that's really not a problem. Even my personal servers in my home network are all operating with encrypted links - because why the heck not? At work, everything that can be encrypted is encrypted, otherwise it's a bug. Even if currently 'there's no way' for attackers to get to that particular network. Emphasis on "currently". We shouldn't be a compromise away from leaking everything. Defense in depth.
Plus, the more you are familiar with setting up encryption, the less tempted you are going to be to cut corners when you are setting up something that's at a higher risk.
