this is what i do for a living (A+, N+, cisco, MSCP) and i hate to tell you...
There is a fundamental flaw in internet architecture that make any site vulnerable to a man in the middle attack no matter how well encrypted or secured or tied up with a pretty bow
this includes ARPANET, MILnet, and just about any WAN. if you want secure return to Minitel or a BBS system.
this 'flaw' will continue to be a problem until the router hash table system is dumped for something slower but more secure...personally I think the NSA and NRO put it there on purpose, but that's just speculation on my part.
But the truth is that none of us are likely targets for stealing our account info. We just don't matter that much.