Superfish: Lenovo ditches adware, but that doesn't fix SSL megavuln – researcher

Solmyr ibn Wali Barad

"2- you have 0 judge or lawyer on earth who can understand this SSL stuff"

Heck, even a good half of the IT crowd doesn't. Myself included. Maybe there's enough understanding to cope with the daily tasks, but not enough to make truly important policy decisions, or to serve as an expert in legal proceedings.

Which may be a serious problem in legal matters. If someone's machine is hijacked for a criminal activity, then a false impression of security may become a deciding factor in a verdict. Encrypted drive? Check. Password-protected? Check. SSL? Check. That's proof beyond reasonable doubt, m'lud. Nobody but the defendant could have gained access to this machine. Throw in an "expert" or two, and it's pretty much a done deal.

If that previous part sounds like hyperbole - not necessarily so. Germany has a precedent on this. If any cybercrimes are performed from a "secure" WEP-protected WiFi network, then the owner is liable. Not to mention that possession of any "hack-tools" is an offence by itself, and solid proof of guilt.

Honest mistakes undoubtedly happen. But there shall be no mercy for vendors that are knowingly exposing their customers.

