"Kevin..." makes solid and relevant observations.
Add to those:
Browsers handle these 'secure' connections (and the 'Certificates' associated with them) as a "Trust on First Use" approach, by default.
This means we trust the computer to be configured to look up Certificate Revocations with each use; trust that the Certificate is valid; trust that no one has interjected themselves into the data stream; trust that the ISP being used has unblemished employees, and so on.
Even the Trust Model of Certificate Authorities & the protocols involved have become questionable because of lax issuance of Certificates and outright hacking of Certificate Authorities and subsequent issuance of fraudulent certificates (Comodo, RSA & DigiNotar, for example).
All that on top of the assumption that your computer does not have malware that intercepts keystrokes before it even gets launched from the browser.
For all but the most adept in Security, it gets down to a matter of trust across the entire fabric of the Internet...and the less you know, the more you must rely on 'trust'.
The lure of the convenience aspect often overwhelms the phobia inherent to using a convoluted and abstract technical system which, for the most part, is indistinguishable from magic.