No site is secure

I think this needs to be made clear.

SSL, Secure Sockets Layer, keeps data sent between two points from being intercepted and misused by a third party. This means that your password, credit card info, Social Security card number, or the name of your girlfriend's dog will be safely transmitted when you click the DoIt button.

But that is all it does.

Once that information has been stored by the website, it is only as safe as the website itself. SSL does not make a website secure; it only makes communication with it secure.

Every recent huge data breach has released personal information from sites "protected" by SSL. So think twice or more before letting https// www Big Business keep your payment information. Or your birth date, mother's maiden name, pet's name, or anything else that can contribute to the cause of identity theft.

There are two reasons I'm not seduced by any temptations to enroll in autopay: One, I might not have any money in the bank tomorrow. Two, the reason I don't have any money in the bank tomorrow could be that the site I gave my banking info to has been hacked.

Yet another addendum or two.

It is possible for criminals to set up a "secure" site, using a stolen certificate.

Also, legitimate sites can display ads that serve malware.

So https does not mean squeaky-clean trustworthy. It's still a crapshoot. At least it's an improved crapshoot.

You the user are still your best defense. Watch where you're going, block ads and flash, don't open PDFs in your browser (and get rid of Adobe Reader!!!), don't touch any link in an email unless you can verify the sender, bla bla bla.