The short form is that a VPN securely transports your data from one point to another. It's not about end-to-end. It's about point-to-point.
When your laptop wants to talk with a host computer via the Internet (using something called "IP protocol"), it sends a data frame via WiFi or a wired connection. The frame travels from router to router via a mostly direct route until it arrives at the computer you're trying to talk with. Unless it is encrypted, if you send "myUserID" and "myPassword", every router along the way can see "myUserID" and "myPassword" in the frame. This is not good if you're in a coffee shop where someone has tampered with the router.
If you set up a VPN (Virtual Private Network) server on your home network, and you use this VPN when you're on the WiFi at the coffee shop:
One big risk of using a WiFi at Bob's Coffee and Hacking Emporium is that Bob might tamper with DNS, so that when you think you're browsing to http://myBigBank.com you might wind up at http://myBigHacker.ru. With a VPN, you can have your DNS traffic passed through the same encrypted tunnel, to use the same DNS server you use when you're at home. (This is probably the DNS provided by your ISP.)