Yes, the transfered data is still sent encrypted. -k/--insecure will “only make” curl skip certificate validation, it will not turn off SSL all together.
More information regarding the matter is available under the following link:
- curl.haxx.se – Details on Server SSL Certificates