Prompt injection: what’s the worst that can happen?

[ggm]

Why isn't the prompt path TLS protected end to end? If the attack is at ends not on path then it's not altering GPT that's a risk, you just inject whatever you want irrespective surely?