While I understand a little of the inner workings of public/private key encryption and something about the methods for implementing SSL, I have to admit I don't fully appreciate why it's used.
Ok, I know it encrypts everything that's transmitted between browser and server, but what are the dangers of not doing this? If you send it all in plain text it's open to sniffing by hackers. How though? Can anybody, anywhere in the world listen in on any unencrypted communication on the web? Surely they would need inside knowledge of IP addresses and/or access to private networks.
Also, what part does the SSL certificate provider play in all of this? I know they have to be trusted to be able to prove the parties they issue to are legit, but do they have to be trusted to? Do they have access to snoop the communications? Is the use of SSL certs in things like online shopping more about feeling safe in the knowledge you know who you're dealing with or is it more about knowing your card details are safe from prying eyes?
Lastly, before I stop talking about SSL, how slow does encryption make a site compared to using normal http://? I've read that it can be 30% slower.