ISPs very frequently do not give a shit about the law. There are so many instances of major ISPs intercepting and modifying traffic, injecting ads, redirecting people to gambling websites, etc. It's not some freak incident involving the NSA targeting you, it happens all the time. All it takes is one bribe.

And what happens if your ISP is compromised without their knowledge? What happens when it's a consumer device such as a router? Don't forget that nearly every TP-Link router has an active malware infection.

It's not just one ISP that you have to trust, it's every single intermediate piece of equipment.

Intercepting traffic is a trivial & common form of compromise, and the problem multiplies by how many different parties you are handing your data to. It is wildly irresponsible to not attempt to protect against this.