I think the idea that end users will avoid MITM attacks is just never going to happen, if it ever did. All this hair-splitting over SSL has long ruined this, which is a shame because that's the most common attack an end user will have. Worry that $nation_state_intel_services might someday crack your SSL session is a bit much. Google is a company run by, lets face it, paranoid web devs. In their minds, a potentially weak SSL cipher is just as bad as a MITM attack. I think the reasoning is foolish, personally, and we're in a period where Google's web dev mentality rules the security roost. Focusing on trivial SSL issues really isn't making us more secure. If anything, its training users to be baffled and potentially less secure because they don't understand why all the random yellow and red x's mean, especially on trusted sites like their employer's site.