Scientist from The University of Texas and the Stanford University have published a study about SSL encryption in several products and services.
Even applications using data encryption they do not perform an proper identity verification of the sender or receiver. I have seen this before for online backup services, password sync tools etc.
So that is not a new thing, but it is amazing that we still have to deal with that.
Read the article http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf