Two reasons for SSL
SSL is used for two distinct reasons, and this piece is only relevant to the first reason: to validate that a web site is actually controlled by a specific entity. Yes, this is why SSL was created in the first place, and it most certainly *should* still be used that way. But most of the time, it isn't.
Unfortunately, people wanted to conduct commerce on the Internet, and the webmasters and/or their companies didn't want to pay the fees to get SSL certificates. So instead, a new SSL industry was born. One in which the controlling entity is irrelevant. One in which the only controlling-entity check is that the IP address of the web server matches the certificate. This second reason for SSL is simply to provide encryption for the connection (for the commerce transaction), not to confirm identity. This reason is simply to make sure that the data transferred between the two endpoints cannot be easily deciphered/read if intercepted. Go try to buy a cheap SSL certificate, and you'll see that you can easily get one without having to prove your identity at all.
But speaking of SSL security, shouldn't anyone seriously concerned with security be using 256-bit AES at this point instead of 128-bit RC4?