Before Chuck and Mallory came along we used to put our username and password right on the URL even without SSL.
So it would have been something like this:
http://user:pass@www.eevblog.com/forum/
Of course it makes more sense to use https in that case; that gave Craig a reason to be. Then online banking came along and adopted SSL (or TLS or whatever, it's pretty much the same handshake).
I'll admit that as long as you keep that private key, well... private, then you might be safe, but sometimes things don't work as you think they do. What if what was generating those private keys used something stupid like, say, the process ID where they were running?
So what would it take to break those private keys if you knew the seed to the random number generator was that PID? How many PIDs do you think a Linux system has? Even if it was 100, since you have the code for the random number generator and the other events the key is based on, with just that you can create a handful of keys that will pretty much give you a private key that is compatible with those other private keys and accepts the same public key.
But you will think that's impossible and will never happen? Well, it did, and not too long ago either, and for a long amount of time. Yeah, it's fixed now (hopefully deployed everywhere), but still you have to understand who the cryptography players are, and when they come out with some algorithm that is unbreakable and non-reversible, should you trust them that it's not the case? After all, you just have to take a lot of math to prove it wrong, and of course someone would have found the flaw that they might keep on a need-to-know basis?
Nah, it's all secure and we have nothing to worry about. Home Depot uses SSL, so does Target, and Sony... There are other attack vectors, and just pure social engineering will get you where you need to be because it's the way things are.
Security now is more about pen testing than even cryptography, and everyone wears all kinds of hats, and it's a stupid way to generate more and more so-called security jobs that only keep the cycle in perpetuation.
Worries make a ton of money flow, that's the bottom line.
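
An added example, not part of the original post: the PID-seeded key problem described above, seen from the auditing side. `weak_keygen` is a constructed stand-in for a flawed generator (not any real library's code), and 32768 is assumed as the PID range because it is the default `pid_max` on Linux; the audit lists every key such a generator can emit and flags any deployed key found in that list.

```python
import hashlib
import random
import secrets
from typing import Optional

PID_MAX = 32768   # default pid_max on Linux (assumed here); the post's "100" is smaller still
KEY_BYTES = 32    # a nominal 256-bit key


def weak_keygen(pid: int) -> bytes:
    """Constructed flawed generator: the process ID is the only seed."""
    rng = random.Random(pid)  # fully deterministic for a given pid
    return rng.getrandbits(KEY_BYTES * 8).to_bytes(KEY_BYTES, "big")


def fingerprint(key: bytes) -> str:
    """Stable identifier for a key, so the blocklist never stores raw keys."""
    return hashlib.sha256(key).hexdigest()


def build_blocklist(pid_max: int = PID_MAX) -> dict:
    """Map fingerprint -> pid for every key the flawed generator can produce."""
    return {fingerprint(weak_keygen(pid)): pid for pid in range(1, pid_max + 1)}


def audit(key: bytes, blocklist: dict) -> Optional[int]:
    """Return the pid that reproduces this key, or None if it is not in the weak set."""
    return blocklist.get(fingerprint(key))


if __name__ == "__main__":
    blocklist = build_blocklist()
    # The key is nominally 256 bits, but only len(blocklist) values can ever occur.
    print(f"{len(blocklist)} possible keys instead of 2**{KEY_BYTES * 8}")

    deployed = weak_keygen(4242)             # constructed sample: key made by pid 4242
    print("weak key, seed pid:", audit(deployed, blocklist))

    sound = secrets.token_bytes(KEY_BYTES)   # key drawn from the OS CSPRNG
    print("CSPRNG key flagged:", audit(sound, blocklist) is not None)
```

The key length says nothing here: the effective strength is the number of possible seeds, about 15 bits, which is why seeding from the operating system's CSPRNG is the fix.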