On Thu, Apr 3, 2014 at 7:44 AM, Bob Ippolito <bob@redivi.com> wrote:

If it works, how would it be worse than using no encryption whatsoever? Sure, maybe there would be a false sense of security, but it seems like a step in the right direction.

Presumably that's the problem. We'd have a possibly zero amount of end-to-end security, coupled with a possibly zero amount of trust in the remote endpoint, but we have 20 years of human factors experience demonstrating that people trust SSL by default even when they shouldn't.