Here is a philosophical question for you:
Many SaaS vendors currently only offer SSL support to clients who pay a premium. Users who don’t pay, can’t have the “extra” benefit of using SSL. What happens to the small companies and/or single users who wish to be secure, but do not need unlimited users or 2GB of file storage, or 10 project templates? Who in their right mind would pay $20 extra a month just to get SSL? And what possible justification is there for denying transport-level security to smaller customers?
Today we have this perception that only the largest corporations need to pursue security: the ones with CIOs and Enterprise Architects, the ones trading publicly or in a vertical where audits are mandatory. If you ask me, I think we could go a very long way if we stopped thinking like this and began to enable any person or organization, of any size to care about, understand, and pursue secure internet operation.
I know it isn’t as lofty a goal as Bob has put forth; but this issue, to me, represents a small part of the underlying systemic problem that Bob is trying to shed light on.