@Tom

Ah, but what you are missing is 1) the people who are going to the site for the first time and are about to hand over all the details required to set up online accounts, and 2) the people who, on seeing a popup saying "the certificate has changed and maybe owned by alien beings and agreeing to this will mean that you give away your first born", will just click "ok" anyway because they don't know any better. This adds up to a significant number of people at risk from this.

It's why SSL/TLS on its own is not really good enough for online banking.