[phaer]

If a random attacker in your local network can do that easily you should talk to your bank about SSL or change to one that actually knows basic internet technology.

SSL should be assumed as broken for defence against government surveillance but it still keeps the most common attackers out.

[joe_the_user]

SSL depends on dns and so is broken when someone has compromised your local router. Yeah, that's a pretty bad weakness but it's just sitting there and indeed that's what the NSA supposedly used against Petrobras.