With the NSA revelations over the past months, there has been some very questionable information starting to circulate suggesting that trying to implement perfect forward secrecy for https web traffic isn't worth the effort. I am not sure of the provenance of these reports, and I would like to see a much more thorough debate on their accuracy or lack thereof. Here is an example:
http://tonyarcieri.com/imperfect-forward-secrecy-the-coming-cryptocalypse
As my IETF RFC coauthor Harald Alvestrand told me: "The stuff about 'have to transmit the session key I the clear' is completely bogus, of course. That's what Diffie-Hellman is all about."
Ryan Lane tweeted yesterday: "It's possible to determine what you've been viewing even with PFS. And no, padding won't help." And he wrote on today's Foundation blog post, "Enabling perfect forward secrecy is only useful if we also eliminate the threat of traffic analysis of HTTPS, which can be used to detect a user’s browsing activity, even when using HTTP," citing http://blog.ioactive.com/2012/02/ssl-traffic-analysis-on-google-maps.html
It is not at all clear to me that discussion pertains to PFS or Wikimedia traffic in any way.
I strongly suggest that the Foundation contract with well-known independent reputable cryptography experts to resolve these questions. Tracking and correcting misinformed advice, perhaps in cooperation with the EFF, is just as important.