Re: unless scammers also get EV certificates
LDS: too true, but a certificate original does not necessarily say much about for whom it has been issued.
I dare anyone to determine, only by examining the certificate in the browser, that the reg's SSL cert has actually been issued to situation publishing (or to whoever manages the site).
The latest crop of browsers throwing fits about non-SSLed connections only makes websites bolt on free SSL just to shut up those pesky browser warnings. Does it make the net any more scammer safe? Not a bit, the problem has just been swept deeper under the carpet.