Man in the middle ...

This article suggests that Bank of America's online security is not that secure: False security: Is Bank of America lying to its customers? by Chris Soghoian

Customers expect some companies to lie to them. Very few people expect cosmetics and skin creams to actually make them look 20 years younger. Likewise, few would be surprised if the salads at fast-food restaurants are actually full of calories and fat. However, when a bank tells its customers that its online banking system is safe and secure, most people would be shocked to find out otherwise. Thus, a major question remains: Is Bank of America lying to its customers when it tells them that they can be "certain (they're) at the valid Online Banking Web site" when they see the SiteKey image? Do banks have a responsibility to acknowledge the risks, and to inform consumers of them?

ADDED 09/22/07: Who's carrying this risk? The bank or the customer? That is will the bank be responsible and make good any loss to the customer?