@AC faking certificates
There are Chinese root CAs, like CNNIC. You don't think the government could order them "sign this certificate for google.com"? There's also HongKong Post, which they might be able to use similar arm-twisting with.
As for Hong Kong not being behind the Great Firewall, it doesn't have to be for China to have control over its internet. They just have to maintain control of the routers for traffic entering/leaving the country, which you'd have to be naive to think they don't have.
If by some chance they don't have such control now, you can bet they will make sure they do in the near future.