Compromising the client Pc, for example by setting up a destructive root certification into the method or browser have confidence in keep. SSL/TLS is very suited for HTTP, since it can provide some safety regardless of whether just one side from the communication is authenticated. This is actually the scenario http://XXX