@Alister mentioned the SSL report from Qualys SSL Labs for HSBC. It does cause concern to see a "B" rating, and the inclusion of the TLS_RSA_WITH_RC4_128_SHA (0x5) cipher, which is insecure.

I would be mortified to get a B rating. I have always looked at the Twitter and Google reports to see what their cipher selections are like and configured my servers to a similar spec. There are a couple of "weak" ciphers to fall back on, but this is still acceptable and they are at the bottom of the list.

But HSBC using an Insecure Cipher - surely that is unforgivable?

And why aren’t they using Perfect Forward Secrecy?

