[citation][nom]STravis[/nom]Really? Do tell.[/citation]
Some root certificate authorities still use MD5 hashes to sign their certificates. MD5 has a weakness that has been known for about 15 years, but which was only really publicly exploited in 2005 (and more impressively in 2008). Basically, it is possible that two documents with different content could have the same MD5 hash.
Using that weakness, some researchers purchased several thousand dollars worth of regular SSL certificates from a public certificate authority. They then used a bunch of PS3s to generate an intermediate certificate authority certificate with the same MD5 hash as one of the certificates they had purchased. Because the MD5 hash for their regular SSL cert matched their intermediate CA certificate, they were able to use it to sign their intermediate CA certificate. This gave them the ability to generate and sign other SSL certificates. They have released their research to the public, and most certificate authorities don't use MD5 hashes any more, but the SHA1 hash that most of them use now is also vulnerable to collisions (although to my knowledge, an exploit of SHA1 has never been demonstrated).
Anyway, with the above methods, anyone with about $50,000 could purchase enough computing power to generate an MD5-signed CA certificate and perform a man-in-the-middle attack on any website without the end-user knowing that anything was happening. I don't have $50,000, but I can think of plenty of people/organizations that do . . .
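The practical defence against the chain-forgery described above is to make sure no certificate in a trust chain is signed with a collision-prone hash. The following is an added example written for this thread (not code from the poster or from any CA); it walks the DER structure of an X.509 certificate with the Python standard library only, pulls out the signatureAlgorithm OID, and flags MD5 and SHA-1 based signatures. The OID table is the standard PKCS#1 / X9.62 set; the three-certificate chain at the bottom is constructed in the script itself (empty TBS, dummy signature value) and is not a real certificate.

```python
# Added example: audit a DER certificate chain for collision-prone signature hashes.
# Standard library only; no network access, no real certificates involved.

# Dotted OIDs of common signature algorithms (PKCS#1 and X9.62 values).
SIG_ALG_NAMES = {
    "1.2.840.113549.1.1.2": "md2WithRSAEncryption",
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
    "1.2.840.10045.4.1": "ecdsa-with-SHA1",
    "1.2.840.10045.4.3.2": "ecdsa-with-SHA256",
}
# Hashes with demonstrated collisions: unsafe for any CA signature.
WEAK_SIG_ALGS = {"md2WithRSAEncryption", "md5WithRSAEncryption",
                 "sha1WithRSAEncryption", "ecdsa-with-SHA1"}


def _read_tlv(buf, pos):
    """Read one DER tag-length-value at buf[pos]; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length (0x81 nn, 0x82 nn nn ...)
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def _decode_oid(value):
    """Turn OBJECT IDENTIFIER content octets into dotted-decimal text."""
    arcs, cur = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:                     # base-128, high bit = continuation
        cur = (cur << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(cur)
            cur = 0
    return ".".join(str(a) for a in arcs)


def signature_oid(cert_der):
    """Return the dotted OID from the certificate's outer signatureAlgorithm.

    Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
    """
    tag, body, _ = _read_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("certificate is not a DER SEQUENCE")
    _, _tbs, pos = _read_tlv(body, 0)       # skip tbsCertificate
    tag, alg, _ = _read_tlv(body, pos)      # AlgorithmIdentifier SEQUENCE
    tag, oid, _ = _read_tlv(alg, 0)
    if tag != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER in AlgorithmIdentifier")
    return _decode_oid(oid)


def weak_signatures(chain_der):
    """Return (index, algorithm name) for every cert signed with a weak hash."""
    findings = []
    for i, der in enumerate(chain_der):
        name = SIG_ALG_NAMES.get(signature_oid(der), "unknown")
        if name in WEAK_SIG_ALGS:
            findings.append((i, name))
    return findings


# --- constructed sample input: skeleton certificates, not real ones ----------
def _der(tag, content):
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def _encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([arcs[0] * 40 + arcs[1]])
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.append(0x80 | (a & 0x7F))
            a >>= 7
        out.extend(reversed(chunk))
    return bytes(out)


def fake_cert(sig_oid):
    """Minimal Certificate: empty TBS, AlgorithmIdentifier with NULL params, dummy sig."""
    tbs = _der(0x30, b"")
    alg = _der(0x30, _der(0x06, _encode_oid(sig_oid)) + b"\x05\x00")
    sig = _der(0x03, b"\x00" * 17)          # BIT STRING, zero unused bits
    return _der(0x30, tbs + alg + sig)


SAMPLE_CHAIN = [
    fake_cert("1.2.840.113549.1.1.11"),    # leaf signed with SHA-256: acceptable
    fake_cert("1.2.840.113549.1.1.4"),     # intermediate signed with MD5: flagged
    fake_cert("1.2.840.113549.1.1.5"),     # root signed with SHA-1: flagged
]

if __name__ == "__main__":
    for idx, name in weak_signatures(SAMPLE_CHAIN):
        print(f"cert #{idx}: signed with {name} (collision-prone hash)")
```

To run it against a real chain, load each certificate's DER bytes (for PEM input, base64-decode the body between the BEGIN/END markers) and pass the list to `weak_signatures`. The self-signed root's own signature is the least interesting entry because trust in a root comes from the trust store, not from its signature; the intermediate and leaf signatures are the ones a forged chain would have to pass.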