... and he told me only that SFTP-Server is configured with a secure AUTH with TLS and the data connection is unsecured ...
That is not SFTP but encrypted FTP (FTPS), which has nothing to do with SFTP except for the similar name.
In FTP, a control connection is used for the commands the client sends to the server (e.g. "list directory") and the status codes the server sends back (e.g. "file doesnt exist"), while separate data connections are used for each transfer of directory listings or the files you download and upload.
In your case, the server encrypts the control connection, but not the data connections.