To add, what does the āSā in https even mean? For most people it means secured by TLS as attested to by a Certificate Authority. Which in the nostr scheme of things should raise eyebrows.
DANE-EE is about self-signed authentication for TLS as the secure tunnel itself. But you still have TLS with Handshake, it's just via DANE-EE, which is an objectively more secure way of going about it, given that DNSSEC is baked in all the way through.
So any argument that HNS isn't inherently secure doesn't hold up, at least for headless client-to-server or server to server where you don't need certificate authorities or Chromium devs on your side.
That said the Handshake chain itself is not so healthy, which is another matter and is the real reason to go and look for something else.