HTTP/3 will only work with generally accepted strong encryption whereas HTTP/1.1 will work with known broken encryption. You are correct that the change from TCP to UDP doesn't, by itself, make the connection more secure.Packets are still packets and while less overhead in UDP does increase speed, it is no more secure than TCP.HTTP/3 ditches TCP for the Google-developed QUIC (Quick UDP Internet Protocol). QUIC is built on UDP (user datagram protocol), which trades TCP’s reliability and order functions for an increase in simplicity and speed. .... It’s also more secure and retains support for TLS (transport layer security).