
That only happens if you directly visit a malicious site, e.g. https://secure.mybaaankingsite.com

You can protect yourself by going directly to the URL and checking you're on the right domain.

If you don't enforce HTTPS everywhere, any website is potentially malicious, e.g. visiting http://cookierecipes.com can have the same consequences.



Right, but how do I know whether the URL pattern is legitimate? I don't work for the IT department at my bank. If the answer is to just eyeball it, that does seem like a far worse security problem than HTTP has ever been.


HTTPS isn't a panacea for all security issues. It ensures that when you connect to website.com, you'll get whatever website.com sends to you, without anyone else eavesdropping and tampering with the connection.

HTTPS doesn't prevent you from going to weebsite.com. There are other security measures for that, but it's also your responsibility to check.


It doesn't even do the first thing. There are multiple vectors where someone could tamper or eavesdrop on an HTTPS connection, perhaps the biggest one being CDNs. As a visitor, you have no real idea how secure the connection is, even if it has a "padlock". HTTPS offers some protection against local attack vectors, from your ISP or on a public WiFi, but that's about it. The server could be compromised, or malicious; you have no idea.

Putting the responsibility for checking the rest on the user is honestly a mistake. They could be dyslexic, and may not be able to detect a typo. They could also be 85 years old and not understand half of what you are saying. These are the problems browsers should be focusing on. Security is not as easy as encrypting the protocol and saying everything else is user error.
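A concrete version of the "other security measures" mentioned above, added here as an example and not code from anyone in the thread: a lookalike-domain check of the kind a browser or enterprise web proxy could run on the user's behalf, comparing the registrable domain of a visited URL against an allowlist using edit distance. The allowlist names and the simplified two-label domain extraction are assumptions.

```python
import re

# Constructed sample allowlist: domains the user (or an organisation's proxy)
# actually expects to reach. Names are hypothetical, taken from the thread.
KNOWN_DOMAINS = {"mybankingsite.com", "website.com", "cookierecipes.com"}


def registrable_domain(hostname: str) -> str:
    """Return the last two labels of a hostname.
    Simplification: ignores multi-label public suffixes such as co.uk."""
    labels = hostname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def edit_distance(a: str, b: str) -> int:
    """Damerau-Levenshtein (optimal string alignment) distance: counts
    insertions, deletions, substitutions and adjacent transpositions,
    so both 'weebsite' and 'wesbite' sit one edit from 'website'."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def classify(url: str, known=KNOWN_DOMAINS, max_distance: int = 2) -> str:
    """'known' if the registrable domain is on the allowlist, 'lookalike' if
    its second-level label is within max_distance edits of an allowlisted
    one, otherwise 'unknown'. Subdomains such as secure.* are ignored, since
    a certificate for the lookalike domain covers them just as validly."""
    host = re.sub(r"^[a-z]+://", "", url.lower()).split("/")[0].split(":")[0]
    dom = registrable_domain(host)
    if dom in known:
        return "known"
    label = dom.split(".")[0]
    for k in known:
        if edit_distance(label, k.split(".")[0]) <= max_distance:
            return "lookalike"
    return "unknown"
```

A 'lookalike' verdict is a prompt for the browser to warn, not proof of fraud: legitimate domains can also sit within two edits of each other.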


You keep sidestepping the benefits. You want website.com, you get website.com. It's impossible to know the infrastructure of that website and simply isn't something HTTPS will fix. That's more of a social/legal problem of how companies can handle user data.


The benefits are pretty small compared to the cost of requiring HTTPS everywhere, which is allowing Silicon Valley to bully the entire internet into jumping through its hoops to get traffic.

The websites that aren't willing or able to do so are, in my experience, some of the more precious ones we have on the Internet. The websites that aren't trying to monetize their visitors are the ones that get Thanos:ed out of apparent existence. What gets lost isn't the spam or the malicious websites; they of course adapt. What gets lost is the unique views, the personal websites, like from some 80-year-old who has meticulously published a catalogue of his astrolabe collection online over the last 30 years.



