you should learn how a "mitm" (man in the middle) attack works before you make definitive claims about it let's say Alice and Bob communicate over safe-mail with GPG Alice sends Bob her public key. Safe-mail intercepts the e-mail and replace Alices public key with their own then send it on to Bob. Bob sends Alice his public key and safe-mail does the same thing. Now when Bob encrypts to Alice he is really encrypting to safe-mail, who then can decrypt the message and re-encrypt it (or a modified version of it) with Alices real public key before sending it to Alice. I really worry the most about instant messages and OTR. I think it would be very trivial for any of the instant message servers we use (or SILC server etc) to MITM OTR keys, and so few people use any authentication / verification methods that it would not likely be noticed. I have thought of putting out a few exit nodes that SSL strip connections to popular instant message servers and MITM OTR key transfers, just for shits and giggles. I bet I would be able to intercept a lot of communications that people thought were secure. But I am not an asshole so I wont .