I think there still might be valid situations when using http on the watch for connecting to HA over internet is still secure that I haven’t thought off initially: such as by using a VPN client on phone to connect to home router whilst HA doesn’t have port forwarding enabled (so HA is still accessible by 192.168.x.y on LAN).
Then, if the watch connects over bluetooth to phone, the entire chain doesn’t use unsecured components (except, off course, for bluetooth or the VPN connection itself ) but I don’t have a Wear OS watch to test.
Yeap, 2/multi FA is quite nice to use and not only in this case.