This post speaks hits the spot - a perfect rundown of the (broken) SSL experience. Why do we still live in an age where security & identity are so tightly bound that to "secure" a site, you have to pay someone to "validate" your authenticity - which we all know, is bollocks anyway.