nonsense.. that's a blanket statement that doesn't mean anything, implying that we should only consider absolutely secure solutions that will protect against all attacks. There is no one size fits all. Adding a layer of security that "will thwart MOST prying eyes" is well worth it, just don't expect it to be bullet proof and understand how it works, what it protects from.
If I recall correctly one of the initial aims of "https everywhere" was to protect people using public wifi. Hijacking FB accounts on public wifi became a common attack (and many others). It's a low-hanging fruit that encouraged a lot of websites to enable and fix their SSL for everyone.
Not to mention.. even if the NSA had keys from the major SSL cert vendors: you probably meant: they have the private key of Google/Facebook/etc, since the cert vendor key itself only signs the cert, it does not provide the private key that encrypts the communication.
Even then, don't use Google/FB. A lot of Snowden docs talked about tracking using the IDs from those services, although nothing has indicated that they have private keys of google/fb, it assumed that google/fb traffic was non-SSL. It's also a big leap to assume that they can generate/obtain private keys for other non-cloud services.