No, it is not secure. The certificate presented by metricbeat is controlled by ssl.certificate, not verification_mode. Elasticsearch with xpack can be configured to require a certificate as described here.
You have a much bigger problem, because metricbeat is not validating the certificate presented by elasticsearch. As the documentation says
This mode disables many of the security benefits of SSL/TLS and should only be used after very careful consideration. It is primarily intended as a temporary diagnostic mechanism when attempting to resolve TLS errors; its use in production environments is strongly discouraged.