Recently a "wildcard" SSL (secure socket layer) certificate for Google (ie *.google.com) was found in the wild being presented by a non-google site from an Iranian IP address. This means that that server could impersonate any google website that has "google.com" in the name. In this way malicious operators could collect login information for many services, including email, and then scan email for more personal details to assist in identity theft, or direct login credentials theft to other sites, such as Paypal. (Many sites require you to receive email at a known email address to reset your password - this makes having control of someone's email an easy route to accessing accounts on other sites, perhaps even web banking.)
Noted security researcher Moxie Marlinspike talks at the yearly hacker conference "BlackHat 2011" about recent issues with SSL, the secure socket layer, which protects most electronic communications on the internet and in some banking networks. In the second half of his talk he discusses the complexity of the designs of security for the internet, and some possible solutions to the current situation.
SSL and the Future of Authenticity: Marlinspike @ BlackHat 2011