« Therefore, for the time being, web #security is reducible to SSL/#TLS security, which is reducible to email security, which is broken. »
▻http://blog.whitehatsec.com/web-security-relies-on-ssl-which-relies-on-email-which-is-broken
[Because you can get a #X.509 certificate for example.com just by proving you can receive email to hostmaster@example.com so hijacking email allows you to get a certificate.]