Compromising the customer Pc, which include by putting in a malicious root certificate to the process or browser belief store. SSL/TLS is very suited to HTTP, as it can provide some safety regardless of whether only one aspect in the interaction is authenticated. This can be the case with HTTP http://XXX
