I believe the original quote talked about Phishing. What good is the SSL 3.0, RC4 ... if you give out your password to a phishing site. I always make sure to examine the url in the browser and perhaps open the TCPView from sysinternals to see where exaclty am I connected before entering the user info, especially when credit card or bank account is invovled.