The paragraph about signed certificates misses an important point. The
only thing keeping an ISP from proxying https traffic and effectively
mounting a man-in-the-middle attack is the browser's certificate check.
And if the end-user just clicks through the browser warnings, using https
instead of http does nothing to prevent the ISP from messing with content.