Depending on your threat model it's perfectly fine. It won't work against a nation-state-level adversary, but I don't get the feeling it's meant to. Against opportunistic passive sniffing or active MitM in cafés and such it's adequate.

Yeah exactly -- it's a condom rather than an enigma machine.

Condoms are good security for sex. An enigma machine wouldn't be very helpful on the other hand.

It's oftentimes worse than nothing against passive surveillance: If you surf from home, your local spooks are with some likelihood forbidden from arbitrarily looking into your communications. Once you pipe it to abroad and terminate the "VPN" on that end, you can be pretty sure your browsing/torrenting habits enjoy no protection from any country's spooks, including your own. And traffic analysis lets eavesdroppers trivially correlate the VPN endpoints with the traffic leaving the VPN.

/s

Name checks out! (As they like to say on a certain other message board where snarky comments are de rigueur. )