There’s a scary article on Slashdot about a SSL attack that was revealed that this year’s DEFCON hacker conference. Now there’s been a certificate issued for PayPal which aids in exploiting the hole. This is the null-prefix attack!
Bottom line, until MS fixes their Crypto API, if you are super paranoid then use Firefox or Safari on Mac (not on Windows).
Update: The October 2009 patches from Microsoft close this security hole. So be sure you run Windows update and apply all the latest patches.