At the latest Black Hat conference, Moxie Marlinspike gave a presentation about new ways to sniff SSL (HTTPS) connections: slides and presentation.
The techniques shown in the presentation allow an attacker to sniff SSL connections and can hardly be detected by the end user. They are quite simple, and I don't see an easy way to avoid this at the moment, except verifying the certificate and its authority chain yourself when you browse an SSL-protected website.
Many of the flaws rely on user credulity. A lock image somewhere on the screen is enough to fool users, so websites that show such icons on every page are a big part of the problem. Another flaw has been corrected in the most recent browsers: if you display a dialog box to a user, he clicks the big button without reading the warning or understanding the meaning of his action.
There are a lot of security improvements to be made on the internet, and I think the first measure is education, for end users but also for site designers.