The compromise of the Dutch CA DigiNotar has resulted in the issuance of hundreds of fraudulent certificates. While the two most dangerous certs issued are for *.*.com and *.*.org, the crackers also made sure to create named certs for everyone that matters: Facebook, Google, Yahoo, MI6, the CIA... all with fake certs floating around out there.
What does this mean for the average user? Don't trust HTTPS (or anything else that uses SSL) until you get a patch from your vendor that updates your trusted root certificate list. In many scenarios, this will happen without user intervention, but it's best to be sure.
(Oh, and this, boys and girls, is why we need to teach cryptography in high school.)
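One way to "be sure" about the trusted root list, as an added example that is not part of the original post: list the CA certificates Python's `ssl` module has loaded and flag any whose subject or issuer still names DigiNotar. The function names and the sample store entries are assumptions constructed for illustration.

```python
import ssl

def _values(name):
    """Flatten an X.509 name, as the ssl module returns it, into its string values."""
    return [value for rdn in name for (_key, value) in rdn]

def find_ca_entries(ca_certs, needle="DigiNotar"):
    """Return trust-store entries whose subject or issuer mentions `needle`."""
    needle = needle.lower()
    hits = []
    for cert in ca_certs:
        values = _values(cert.get("subject", ())) + _values(cert.get("issuer", ()))
        if any(needle in v.lower() for v in values):
            hits.append(cert)
    return hits

def load_trusted_cas(cafile=None):
    """Load the platform default trust store, or only the given PEM bundle."""
    ctx = ssl.create_default_context(cafile=cafile)
    # Only certificates already loaded into the context are listed; a hashed
    # capath directory is read lazily, so its contents will not appear here.
    return ctx.get_ca_certs()

def _name(org, cn):
    """Build a name in the nested-tuple format used by get_ca_certs()."""
    return ((("organizationName", org),), (("commonName", cn),))

# Constructed sample in the get_ca_certs() format (not real store contents).
SAMPLE_STORE = [
    {"subject": _name("DigiNotar", "Constructed DigiNotar-named root"),
     "issuer": _name("DigiNotar", "Constructed DigiNotar-named root")},
    {"subject": _name("Example Trust Services", "Example Root CA"),
     "issuer": _name("Example Trust Services", "Example Root CA")},
    # Matches on issuer only: a certificate signed by the distrusted CA.
    {"subject": _name("Example Org", "Constructed intermediate"),
     "issuer": _name("DigiNotar", "Constructed DigiNotar-named root")},
]

if __name__ == "__main__":
    for label, store in (("sample", SAMPLE_STORE), ("live", load_trusted_cas())):
        hits = find_ca_entries(store)
        print(f"{label}: {len(hits)} of {len(store)} entries name DigiNotar")
        for cert in hits:
            print("   subject:", ", ".join(_values(cert["subject"])))
```

An empty result for the live store only shows that no loaded entry carries that name; browsers and operating systems keep their own trust stores, which the vendor patch updates.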