>it is safe unless someone has access to your screen

It's not, because the "secure key" is only in the domain name, which is transmitted in the clear via SNI. That means anyone along the network path can get the key, and therefore can get access in your terminal.