RealVNC SSH tunnel still warns of unencrypted connection

The client can't know that the connection is being ssh tunneled, it knows only that when it talks to the declared server - localhost:5901 - it does so in plaintext, and it's warning you about that. Since you have made arrangements for the traffic to be encrypted the rest of the way, you may continue in peace.

In particular, you can have confidence that the traffic from your desktop to the server is not leaking, since if you weren't running a tunnel (or a local VNC server, which would still have no wider security implications) there would be no way for the traffic to get from localhost out on to the network.