Company
Date Published
Author
George MacKerron
Word count
1689
Language
English
Hacker News points
9

Summary

The new psql client in Postgres 16 simplifies secure interactive sessions by introducing a connection string option, ?sslrootcert=system, which uses the trusted CA certificates built into the operating system as root certs and performs proper server authentication via sslmode=verify-full. This makes it easier to connect to databases while avoiding common security pitfalls such as MITM attacks, which become possible when a connection is encrypted but the server's identity is never authenticated. The new option is especially useful for users who previously connected using ?sslmode=require, which was found to be vulnerable to DNS-spoofing attacks. By using sslrootcert=system, users get connections that are both encrypted and authenticated, and therefore resistant to such attacks.
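As an added illustration (not code from the summarised article), the checker below parses a libpq connection string and reports whether it only encrypts or also authenticates the server, flagging the ?sslmode=require case the summary describes as weak. It assumes, per the summary, that sslrootcert=system implies verify-full; the fallback default of prefer and the ~/.postgresql/root.crt path are libpq defaults, not details taken from the page.

```python
from urllib.parse import parse_qsl, urlsplit

# libpq sslmode values, weakest to strongest. Only verify-full checks the
# server certificate chain AND that it matches the host we asked for.
SSLMODE_RANK = ["disable", "allow", "prefer", "require", "verify-ca", "verify-full"]


def parse_conn_params(conn: str) -> dict:
    """Extract key=value parameters from a libpq URI or keyword string."""
    if conn.startswith(("postgresql://", "postgres://")):
        return dict(parse_qsl(urlsplit(conn).query))
    return dict(kv.split("=", 1) for kv in conn.split())


def effective_sslmode(params: dict) -> str:
    """sslmode libpq will use when the string omits it."""
    mode = params.get("sslmode")
    if mode is None:
        # Per the summary: sslrootcert=system implies verify-full.
        # Assumption (libpq default, not on the page): otherwise 'prefer'.
        mode = "verify-full" if params.get("sslrootcert") == "system" else "prefer"
    return mode


def assess(conn: str) -> dict:
    """Classify a connection string by the protection it actually gets."""
    params = parse_conn_params(conn)
    mode = effective_sslmode(params)
    rank = SSLMODE_RANK.index(mode) if mode in SSLMODE_RANK else -1
    encrypted = rank >= SSLMODE_RANK.index("require")
    authenticated = mode == "verify-full"
    if rank < 0:
        finding = f"unknown sslmode {mode!r}"
    elif not encrypted:
        finding = "connection may be plaintext (TLS not guaranteed)"
    elif not authenticated:
        finding = ("TLS without hostname verification: a DNS-spoofed or "
                   "MITM server presenting any certificate is accepted")
    elif params.get("sslrootcert") == "system":
        finding = "verify-full against the OS trust store (sslrootcert=system)"
    else:
        # Assumption (libpq default): root CAs come from ~/.postgresql/root.crt when unset.
        finding = f"verify-full against {params.get('sslrootcert', '~/.postgresql/root.crt')}"
    return {"sslmode": mode, "encrypted": encrypted,
            "authenticated": authenticated, "finding": finding}


if __name__ == "__main__":
    # Constructed sample strings: the weak form beside the recommended one.
    for conn in ("postgresql://app@db.example.com/app?sslmode=require",
                 "postgresql://app@db.example.com/app?sslrootcert=system"):
        print(conn, "->", assess(conn)["finding"])
```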