https (specifically the CA chain of trust) is imperfect, and can be compromised by well-placed parties.