I encourage you to read “Are VPN’s really useful?” by @mazer and the discussion on Privacy Guides.
TL;DR: For most people, only use a VPN if you actively distrust your ISP. Tor will go a lot farther than a VPN for protecting your privacy if that is your primary goal. Religiously using HTTPS‑only mode mitigates any security concerns in particular.