For our master's thesis we are also using SSL encryption, and this topic recently received some attention in the media. A Belgian blogger mentioned that a lot of banks didn’t use safe SSL connections.
This means that it is possible for hackers on the internet to see everything the user sees, and in some cases they might be able to change the bank account numbers to which money is sent.
Luckily, the banks whose SSL connection was unsafe updated their servers in most cases within a few days. Still, not all banks have one of the safest grades. In most cases this is because they want to maintain backward compatibility with old internet browsers. But this means that using these older browsers implies an unsafe connection.
In almost all browsers it is not indicated if a connection is over HTTP (unencrypted). But Chromium has a proposal to mark all HTTP traffic as insecure. This is in fact a logical choice, since at present the user isn’t informed that he is using an unencrypted connection, even though encryption might be necessary.
When you visit websites with confidential personal information, do you check that they are served encrypted? If a website with personal information is served over HTTP, do you still use it?