Maybe encryption isn't important for you, but it is for some people, especially professional athletes. Imagine a Tour de France rider or their follow car being able to read the heart rate of their competitor - this could easily inform their strategy.
Radio transmit is expensive power-wise. The numbers I'm seeing for BLE energy per bit are all over the place, but the numbers I found for some SHA3 testing say that even with a pretty old chip fab you can make a circuit that encrypts more than 10 bytes per nanojoule. That's a pretty small tax.
Wireless shifters only transmit when you press a button. Power consumption is higher with other sensors that transmit continuously at 1 Hz: heart rate, running foot pods, wheel speed, cadence, etc.
Good handshakes are actually hard. There's no UI on these gadgets, and often not even a single button! Consider going to a public gym and wanting your heart rate to show on the exercise bike -- you'll be pairing it right there, in public.
Imagine a Tour de France team who spends millions of dollars being unwilling to find a company to build them a custom monitor that supports heart rate monitoring with an encrypted data stream if they can’t find one off the shelf.
30 seconds of searching shows me the Polar H10 is already multiprotocol and supports Bluetooth.
It's health and presence info. In surveillance capitalism, your or your flat neighbour's devices might capture it, upload it to the cloud and sell it; the buyer of the info might combine it with location data etc. to bind it to your identity, and sell it onwards.
The next time you buy health insurance or are involved in a court case, the data may be used against your interests. (Probably someone can invent a still more nefarious scenario.)