[jandrese]

If you aren't in the habit of answering yes to big browser warnings about self-signed certs it seems like it shouldn't be an issue.

If the MITM operators have stolen a well known root cert then we have a much bigger problem.

[avidiax]

SSL stripping allows attackers to avoid the big browser warnings, yet view and tamper with your data.

https://blog.cloudflare.com/performing-preventing-ssl-stripp...

[vbezhenar]

HTTP is marked as " Not Secure". It's not big, but it's noticeable if you're paying attention and you definitely should pay attention for financial operations.