How often do these man in the middle-attacks really happen? Is there any point to take drastic measures against self signed certificates if the problem is relatively rare?
Tens of millions of computers worldwide are infected by spyware. On an infected computer FF3 may proudly tell how the traffic between a valid site and the browser are completely safe. However security is already compromised as anything you do on that computer may be logged.