Here's the point that you, and many others, sadly miss: the cert only verifies that you're communicating with the site whose name is on the cert. That's all it means, that's all it's ever meant, and that's almost certainly all it will ever mean. It has never meant, does not mean, and cannot mean, that the operators of that site are good, honorable, trustworthy, or indeed anybody other than Satan himself.
The problem is that decades of ignorant users have been conditioned to see the padlock as signifying that the site is "safe." It's never meant that, and it can't mean that. And the less we pretend it does mean that, the better.