On 8/20/10, Aryeh Gregor Simetrical+wikilist@gmail.com wrote:
They can do things like intercept any connections to the site, providing a forged certificate for HTTPS via a CA they control, and steal passwords or cookies.
See this: https://bugzilla.mozilla.org/show_bug.cgi?id=542689