A telnet client just lets you type into a raw tcpip socket. So you can use a telnet client to work with text based protocols like http and some databases (and many other things). There is no actual connection between telnet and http. When you use a telnet client as a way to type into a socket, you don't use any feature of telnet.
Anyone who sees the raw network traffic can see everything you do and also to change what you send and receive. So people use crypto. In the 90s, three different groups of people were inventing secure network connections at the same time. We got ssl/tls, ssh and ipsec. They all have issues but all can be made secure if you use the latest versions and configure them right.
SSH was meant only for secure Unix terminal over a network. But it can be used as a secure tunnel. TLS was meant as a secure tunnel for applications. IPSec was meant as a secure tunnel for network equipment, invisible to applications.
In the most basic form, you can use all three to create a secure tunnel between two computers and let unmodified client-server software communicate through that tunnel unaware that it's now secure (encryption, integrity, authentication, forward secrecy, etc).
So if you use ssh port forwarding or tls stunnel or ipsec vpn and then make http requests so that traffic passes inside an ssh or tls or ipsec tunnel, you're using http over ssh or tls or ipsec. Of course, since the http client in not aware of the tunnel in this scenario, you won't get a green lock icon.
Because the three groups had different use cases in mind, the way the protocols are used most often varies. That's just different optimizations and implementations. HTTPS could have been built over ssh protocol. Secure Unix shell could have been built over TLS. They all move towards djb nacl/libsodium crypto with pluggable authentication.