What is the end user's risk when searching a public website that uses TLSv1?

Is it safe for an end user to search a Web site that supports only TLSv1 (or other insecure encryptions or protocols) if:

  • It is a publicly accessible website without sensitive or private data
  • It does not require user login, credentials or other user data.

Therefore, assume that the website is an intent http: // However, this site has an SSL certificate that is out of date by today's security standards.

And I'm sure they're not open to any kind of exploit, except for MITM of course. By exploit, I mean there is no way to use a bad SSL certificate to install malware on your computer, right?