The idea here is that eBPF does not constrain us to the non-encrypted protocol. And that we can observe the encrypted traffic as well - and we can do that from the kernel, without applying potential buggy changes into our application that may in fact some day be a back door to an unecrypted traffic.

While the idea with eBPF is that eBPF verifier supposed to prevent that and not allow the backdoor to ever exist. (in an ideal world ofcourse)