Ulrich is right. First, look at the "certificate story". These are meant
ensuring that you can trust your endpoint. Certificates are
pre-installed in your browser, and one should check (and rarely does)
which ones to trust (and how much). Invented examples: If they are owned
by chinese or russian telecom company, do you trust it? State agencies
could intervene. Or british telecom (5eyes??). The actually used
hierarchical trust model might be a failure by design.
And then there are exploits. Example: some years ago Moxi Marlinspike
found the funny zero-byte error due to string handling: He proved that
you could buy for example the domain "com",0,"mand.org" and have the
trusted instances sign your subdomain google.com",0",mand.org" which
any firefox (at least) did recognise as valid certificate for google.com
since they considered the 0 byte as "end of string". You are not safe
from such type of exploits.
Conclusion as usual: if your life depends on it, do not trust https.