Obviously it can be broken by planting malware in the target's computer, but what are the other ways? Last we heard, independent reviews of the crypto protocols said they were pretty good.
But I am quite sure there are exploitable weaknesses in the login server and protocol. Skype operates that server, so we can assume that it either is or soon will be compromised.
Consider the following simple observations. I can install Skype on another computer, sign in with my existing user name and password, and talk to any of my existing contacts without any of them noticing anything unusual. I transferred nothing from my old installation, so my new installation cannot have any of its existing secrets. It knows only one long term secret: my account password, and I use that only to authenticate myself to the Skype login server.
Furthermore, unlike most IM programs, I can sign in from multiple computers and switch between them during chat sessions. All will get copies of all that is said.
This seems to demonstrate quite clearly that with the cooperation of the operator of the Skype login server, you can impersonate any Skype user and conduct either a man-in-the-middle attack or a conferencing attack.
The weakness here is that you're relying on the login server to authenticate your correspondents instead of doing it yourself on an end-to-end basis. Without authentication, encryption is meaningless.
You could probably add packet-level authentication mechanisms to Skype traffic to protect against this attack, but if you're going that far you might as well use something completely different that you can fully trust.