Is There Any Risk When Visiting Websites Without Secure Connections If You Don't Enter Personal Info?
There are some risks to HTTP sites even if you're not entering data.
There is the privacy risk, as others have pointed out. Someone in a position to observe your traffic can see a lot more about what you are doing. E.g. if you're browsing a news site over HTTPS, they can see that you're browsing the site; with HTTP they can tell what articles. There is a lot of additional metadata visible that could be used to fingerprint you; this can allow someone to correlate the activity they can observe with other sites and potentially identify you.
But the other big risk is the lack of integrity. With plain HTTP anyone your traffic is sent through can insert malicious files. E.g. your ISP or whoever's wireless you're using can insert ads, crypto miners or other malicious content. HTTPS provides integrity protection, so if working correctly, this means that an attacker would have to compromise the destination site to do this rather than just get you to connect to their WiFi.
It is neither fully safe to visit a website with HTTPS since HTTPS only protects the communication between client and server and does not secure the web site itself or protects against deliberately serving malicious content. Nor is it fully unsafe to visit a site without HTTPS or with an invalid HTTPS certificate since even if there is a possibility of an attack an actual attack will not happen is most cases. But there is of course an increased risk when no HTTPS is used or if HTTPS warnings need to be skipped in order to access the site since it adds additional ways for an attacker.
An error during validation of a certificate might point to an inability of the site admins or hosting provider to setup HTTPS in the correct way. This might actually be the consequence of a larger problem of not being able to properly secure the site or of not caring about this in the first place. Especially expired certificates highlight sites which are no longer maintained and where nobody actually cares about security. Such an abandoned HTTPS site is therefore likely more vulnerable to being attacked and to be used to serve malicious content than a well-managed plain HTTP site.
Errors about name mismatch instead are often the result of a larger hosting provider mixing customer domains with and without HTTPS certificates on the same IP address. This will usually result in the plain HTTP sites being accessible by HTTPS too, albeit with a non-matching certificate. Many search engines will unfortunately ignore certificate errors while crawling which results in these sites ending up in the search index with HTTPS and will immediately result in certificate errors when visiting from the search results. So getting such a warning when accessing a site from a search engine is still a serious problem but a less serious one than a long ago expired certificate or when getting a warning by following a link from somewhere outside a search engine.