Compromising the customer Laptop or computer, for example by putting in a malicious root certification to the program or browser trust shop. SSL/TLS is particularly suited for HTTP, as it can provide some protection regardless of whether only one facet with the communication is authenticated. Here is the situation with http://XXX
