SMLatCST has it correctly.
It is an unfortunate behaviour of browser manufacturers and how SSL certificates are used. SSL encrypts the traffic, it does not authenticate the person/server. Encryption on everything should be the norm in my opinion. Now, getting authentication right, that's a can of worms. Remember, by default your browser trusts every major CA out there. That includes the usual suspects from China & Russia & Nigeria & even Diginotar from Holland. Only with new Windows updates is trusting Diginotar removed. I deally, your browser should only trust those CAs for websites you regularly visit and know to be legitimate.