Its possible to MITM an HTTPS connection, trick you into thinking it is secure by providing a green lock favicon, and intercepting or sniffing everything you do over that connection. And it will work on nearly every website in existance.
More people should be aware of SSL Strip and how to protect yourself against it.
I perform HTTPS interception on all out-bound traffic on my network and I don't recall making an exception for AMO, and I have a number of add-ons installed. Though, it wouldn't be the first time I've forgotten about something like that.
More people should be aware of SSL Strip and how to protect yourself against it.
http://www.thoughtcrime.org/software/sslstrip/