>> Capturing a sites certificate not only allows you to _undetectably_ impersonate the site for the duration of the cert (or until its revoked), but it allows an attacker to decrypt all communications with that server _prior_ to the exploitation which they may have captured.
> If you can get root access to the web server, sure. In that case, why not just take over the webserver process itself?
The point is that taking over the webserver should not allow you to decrypt sessions that occurred *prior* to the takeover. Yet, because of the shoddy encryption most commonly used for SSL, that is exactly what you can do.