Comment Re:HTTPS is not safe either (Score 1) 622
Yes, there are still flaws: CAs can be abused to issue fraudulent certificates for your domain. Using this fraudulent certificate, someone (the NSA) can MITM the SSL connection and present the fraudulent certificate to the user; the browser will accept it, since it is signed by a CA, and continue. But they cannot get your SSL key via the CA and decrypt existing traffic.
Also, you can prevent SSL decryption even if someone has the private key, by using Diffie-Hellman key exchange rather than RSA key exchange.
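As an added illustration (not part of the comment above, and not anyone's TLS code), here is a stdlib-only Python toy model of the two handshakes with constructed, deliberately tiny parameters and function names of my own (`rsa_handshake`, `dhe_handshake`, `recover_with_server_key`). It shows that a recorded RSA key-transport session is decryptable once the server's private key leaks, while a recorded DHE session is not, because the long-term key only signed the ephemeral share.

```python
"""Why ephemeral Diffie-Hellman resists later key compromise (toy model).

Constructed, deliberately tiny parameters and the standard library only;
this illustrates the mechanism, it is not a TLS implementation.
"""
import hashlib
import secrets

RSA_N, RSA_E, RSA_D = 3233, 17, 2753   # constructed textbook RSA key (p=61, q=53)
DH_P, DH_G = 2**521 - 1, 2             # constructed toy group (Mersenne prime M521)
DH_BYTES = (DH_P.bit_length() + 7) // 8

def derive_key(premaster, client_nonce, server_nonce):
    """Toy stand-in for the TLS PRF: session key from premaster + nonces."""
    data = premaster.to_bytes(DH_BYTES, "big") + client_nonce + server_nonce
    return hashlib.sha256(data).digest()

def rsa_handshake():
    """RSA key transport: client encrypts the premaster to the server's long-term key."""
    cn, sn = secrets.token_bytes(16), secrets.token_bytes(16)
    premaster = secrets.randbelow(RSA_N - 2) + 2
    transcript = {"cn": cn, "sn": sn, "client_key_exchange": pow(premaster, RSA_E, RSA_N)}
    return transcript, derive_key(premaster, cn, sn)

def dhe_handshake():
    """DHE: the long-term RSA key only signs the server's share; exponents are discarded."""
    cn, sn = secrets.token_bytes(16), secrets.token_bytes(16)
    x, y = secrets.randbelow(DH_P - 2) + 1, secrets.randbelow(DH_P - 2) + 1
    server_share, client_share = pow(DH_G, x, DH_P), pow(DH_G, y, DH_P)
    digest = int.from_bytes(hashlib.sha256(str(server_share).encode()).digest(), "big") % RSA_N
    signature = pow(digest, RSA_D, RSA_N)            # ServerKeyExchange signature
    assert pow(signature, RSA_E, RSA_N) == digest    # client verifies authenticity
    shared = pow(client_share, x, DH_P)              # server side
    assert shared == pow(server_share, y, DH_P)      # client side agrees
    transcript = {"cn": cn, "sn": sn, "server_share": server_share,
                  "signature": signature, "client_share": client_share}
    return transcript, derive_key(shared, cn, sn)    # x and y go out of scope here

def recover_with_server_key(transcript):
    """Passive recorder who later obtains RSA_D (the scenario in the comment)."""
    if "client_key_exchange" in transcript:
        premaster = pow(transcript["client_key_exchange"], RSA_D, RSA_N)
        return derive_key(premaster, transcript["cn"], transcript["sn"])
    # DHE transcript: g^x, g^y and a signature. RSA_D only lets the holder
    # forge future signatures; it gives no route to x or y, so the
    # recorded session key cannot be reconstructed.
    return None

if __name__ == "__main__":
    t, key = rsa_handshake()
    print("RSA key transport recovered:", recover_with_server_key(t) == key)   # True
    t, key = dhe_handshake()
    print("DHE recovered:", recover_with_server_key(t) is not None)            # False
```

Real deployments get the same property by preferring ECDHE/DHE cipher suites (or TLS 1.3, which has no RSA key transport at all); the toy group and 12-bit RSA key here exist only to keep the mechanism visible.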