I'm tired of all the dribble about MITMs. That requires a HIJACK -- "perps" need to hack your DNS, set up a fake server, set up fake certs, etc. PRIVATE SYSTEMS AREN'T WORTH THAT EFFORT. Google just gives "anyone" a copy of the keys. You don't even have to worry about fake certs -- because the certs are copies that Google gave them. People are clueless. Including coders
There is nothing more dangerous than transmitting your password in the clear.
"Discussing the obvious" for 8 months is not "working together on the issues."
There is only one issue: Encryption that is easy to use without a graduate degree in operating systems and crypto.