Bah the problem with BOTH is the handshake. If the traffic goes through an NSA server then they have the handshake which means they have the decryption keys. From this point its pretty easy to get the plain-text message.
While SSL/TLS can be used with certificates on both ends, in practice this is very very rare. Servers typically don't care who their clients are thus they don't request client certificates. This is actually a good thing, otherwise the system would be unusable by the average user. Not to mention the client costs to maintain a certificate would make it financially completely impractical.
As far as snooping the SSL handshake, that won't gain you anything unless you know how to break the underlying cipher or have the server private key already. As mentioned in a few recent articles already, the underlying AES cipher is still mathematically sound, though the older 128 bit keys slowly get less and less secure primarily through computational advances enabling brute force attacks. I expect 128-bit AES to be completely replaced within 10 years with more critical deployments already switching to 256-bit keys.
I live within view of Fort Meade, aka NSA HQ. It's not one building, it's a compound. Your choice of entrances are either Military guard posts at FT Meade's front gates, or off-ramps from local highways that are guarded 24x7 by MD state troopers. You wouldn't make it close enough to do anything of consequence.
The NSA is no joke. Given the current climate of fear and paranoia out there by both the populace and especially the NSA, I wouldn't make even moderately threatening statements towards them, lest you get labeled a domestic terrorist.