Re: Too much trust being put into certificates?
I think the problem is encryption without some form of proof of identity only creates an illusion of security; you don't know if the connection is to your intended website, or to a man in the middle who's posing as the legitimate site (and then possibly forwarding the traffic on to it).
About the only thing that un-authenticated encryption does is slightly deter bulk data collection and storage. It does nothing for any kind of targeted interception.
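The point made in the post above, as an added example that is not part of the original post: a toy Diffie-Hellman exchange in which an on-path relay substitutes its own public value, first against a client that accepts any key and then against one that checks identity. The group parameters, the function names and the pinned fingerprint (standing in for the identity proof a certificate provides) are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy group for illustration only (assumption): far too small for real use.
P = 2**127 - 1
G = 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(priv, peer_pub):
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def fingerprint(pub):
    return hashlib.sha256(pub.to_bytes(16, "big")).hexdigest()

def connect(client_priv, offered_pub, pinned_fp=None):
    """Client side: derive a key, refusing if an expected identity is set and does not match."""
    if pinned_fp is not None and fingerprint(offered_pub) != pinned_fp:
        raise ValueError("offered key does not match the expected server identity")
    return session_key(client_priv, offered_pub)

def run_demo():
    server_priv, server_pub = keypair()
    client_priv, client_pub = keypair()
    relay_priv, relay_pub = keypair()  # on-path party that swaps in its own public value

    # Unauthenticated: each endpoint accepts whatever public value arrives.
    k_client = connect(client_priv, relay_pub)
    k_server = session_key(server_priv, relay_pub)
    result = {
        "relay_reads_client": k_client == session_key(relay_priv, client_pub),
        "relay_reads_server": k_server == session_key(relay_priv, server_pub),
        "endpoints_share_key": k_client == k_server,
    }

    # Authenticated: the client knows the server's fingerprint out of band.
    pinned = fingerprint(server_pub)
    try:
        connect(client_priv, relay_pub, pinned)
        result["substitution_detected"] = False
    except ValueError:
        result["substitution_detected"] = True
    genuine = connect(client_priv, server_pub, pinned)
    result["genuine_ok"] = genuine == session_key(server_priv, client_pub)
    return result

if __name__ == "__main__":
    print(run_demo())
```

In the unauthenticated run both legs are encrypted, yet each endpoint shares its key with the relay rather than with the other endpoint; only the identity check makes the substitution visible.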