Like all technology, it's really about what you are trying to protect. For most people and applications HTTPS is probably enough, if you're protecting multi-billion dollar transactions or infrastructure then you should use something stronger. Think of it like door locks -- all are flawed, but it's not worth spending $1 million on security to protect a $300,000 house.
I'm reasonably satisfied with the level of protection from HTTPS for my twitter posts and even banking.
As an aside, is the Microsoft HTTPS implementation any better? It seems like only open source and Apple have been implicated in the HTTPSgate scandal.