SSL/HTTPS is supposed to protect high importance sites, and when used correctly, it does so.
The mass rollout compromises its ability to protect high importance sites.
We already have a situation with Let's Encrypt, where a fraudster can very easily create a spoof site with a padlock, something which would have been difficult when that required a proper certificate involving human checking of the request. Thus, the value of SSL as an indicator of safety on banking sites has been seriously degraded.
That, and on sites with advertising, HTTPS does NOT prevent MITM attacks, because any advertiser can inject a keylogger into the browser. Guess who serves most of the advertising? Yep, the same corporation pushing universal HTTPS.
Perhaps worst though, is the blaze of propaganda that's been put around hyping SSL as a 'miracle cure' for IT security. This is no less than snake oil selling. SSL has its uses, as does snake oil (it's actually for rubbing on sore feet) Neither is a cure-all though, and by convincing people that it will offer blanket protection it will lead to other more effective protective measures being dropped. That will be bad. It will result in people being hit by ransomware, etc when they otherwise might have taken effective precautions.