I'd say the biggest amount of security breaches happens on the client side, not on the server side. Biggest issue is that many people have no clue what is safe surfing and what is not.
If you get attacked by a JS injection or whatever malware, you are most likely already surfing in dangerous waters. Stay on trusted domains, trusted sites, keep away from unknown hosts, don't click on web links that look suspicious and never ever click on any dodgy looking pop-ups or any pop-ups for that matter, unless you specifically requested the site to give you that window, and you should stay relative safe.
Don't download illegal stuff, or stuff from a site that is not the owner of the content.
The probability of a user being hacked is millions of times greater than a quality server/service being hacked.
If you ever think there is a slight chance that HTTPS is not good enough, you can add a lot of additional security layers to your login procedure to ensure no one can impersonate you nor the server. One added layer as an example would be 2-stage (two-factor) verification.
It is easy to blame servers and security tech to be flawed and the root of the problem when the biggest issue actually is the behavior and under-education of the users.