"Yesterday a presentation was given at the Chaos Communication
Congress that exposed a flaw in the way SSL certificates are handed
out. In their presentation they explained that this icon, in some
cases, can be completely spoofed. When you combine this with the
fact that people can ALSO spoof your domain name you have the
potential to have a banking Web site that looks and feels EXACTLY
like your banking Web site (and even "validates" as your bank) that
is...well...not your bank."