I sent an email to Citibank complaining about this and got a reply saying that myciti.com is protected with a 128-bit certificate that's just fine. Some MacOS browsers don't like the certificate they're using and I should just ignore it.
Accept that www.myciti.com isn't www.citi.com, which is their 'front door' for account authentication. Once I logged in (yes, I ignored the error so I could complain), I was using a third site accountonline.com to navigate around.
I still think with this invalid certificate that there is a chance for a "man in the middle" attack, but the credit card company's support people are saying it all good. This problem is totally different from my web provider who uses a wildcard certificate that MacOS 10.6 didn't seem to like. I'm currently running 10.8.3.
Should I be worried?
My brother did something simple in his house. There was no wifi, only hardwired network connections. His kids had computers in there rooms but they didn't route to the Internet only the local LAN. The Internet-accessible computer was in the 'great room' where everyone could see what was being run on it. He's the only one with administrator privilege on the local LAN. He trained his kids to be aware of internet scammers, SPAM, etc. since they wouldn't be on the home network forever.
The shared phones didn't have a data plan but had unlimited texting, so the kids couldn't browse the internet on their phones. No, they didn't get smart phones until they went off to college.
This seems entirely workable so long as you don't have someone trying to subvert security in the house. It's much the same challenge that most IT departments face with a company LAN and the employee's phones/iPads/MacBooks/etc. being brought into the company's network. All it takes is some idiot marketing person to open a macro-virus on a Windows box with non-current virus scanning software, and the fun will begin. This "client" will have to nail down the home systems making sure they're all hardened and stay that way.
Smart phones are not currently part of this unless they are confined to the local LAN while in the house but I don't know of a way of enforcing that short of making the house a Faraday cage.
If the kids are running Windows laptops that leave the secure home LAN, this gets much harder.
A college senior graduating from a teaching credential program applied for a job in a school system. The school system saw her MySpace page which had a picture of her obviously at a part with a red Solo cup in hand. She wasn't underage as the picture was current. She was just smiling, having a good time. They withdrew their job offer. AFAIK, no action was taken by the applicant (I'd sue).
I asked a client who is an attorney but practices a different, specialized type of law. While it's OK for some places like Home Depot to require a drug test prior to employment, that still happens farther down the interview chain. I don't want some person in the store driving a forklift when they're intoxicated or impaired.
I can't see asking for FB or MySpace or any of the other social media site access as acceptable. LinkEdIn, as much as I hate them and how they work, is different. I don't think you'll see party pictures or any of my LOLcat pictures on a LinkEdIn profile. Just doing a Google search of myself shows my name in various news group posts even though I post with no-archive. While it's almost impossible to exclude 'the stuff on the Internet' from an employer's background search, omitting stuff like what's in your FB (I'm gay, jewish and my politics are none of your business) cross the line.
I wonder what would happen if the first thing they saw is "Thanks for logging access to my FB page. I now own your house and the assets of your company. Have a great day. And good luck finding a new job."