In Case You Missed It
I know this is totally old news, but it’s some pretty heavy stuff that really kind of happened and then everyone went back to business as usual.
SSLStrip is a tool for MITM attacks in which the attacker intercepts information transmitted between a user and the server, such as login credentials.
Any information security professional worth their salt needs to see the video embedded at [Moxie's SSLStrip page].
The good news is that token keys and user/client certificates are the easy fix, though they make for more cost/work than just your standard SSL connection. Also, web developers can help the problem by not embedding https links into an http page or translating those with HTTP redirects.
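A developer-side check for the two patterns named above, as an added example that is not part of the original post: it flags responses served over plain http that hand the user off to https through an embedded link, a form action, or a redirect. The function name `audit_response`, the tag list, and the `bank.example` sample page are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose URL attribute carries navigation or submitted data (assumed list).
URL_ATTRS = {"a": "href", "form": "action", "iframe": "src"}
REDIRECT_CODES = (301, 302, 303, 307, 308)

class _UpgradeFinder(HTMLParser):
    """Collects https targets referenced from a page served over http."""
    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr = URL_ATTRS.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if value is None:
            return
        target = urljoin(self.base_url, value)  # resolve relative URLs
        if urlsplit(target).scheme == "https":
            self.findings.append((tag, target))

def audit_response(url, status, headers, body):
    """Return (kind, target) pairs where a cleartext response points at https.

    Assumes `headers` is a dict keyed with the canonical "Location" spelling.
    """
    if urlsplit(url).scheme != "http":
        return []  # only cleartext responses can be rewritten in transit
    findings = []
    location = headers.get("Location", "")
    if status in REDIRECT_CODES and location:
        target = urljoin(url, location)
        if urlsplit(target).scheme == "https":
            findings.append(("redirect", target))
    finder = _UpgradeFinder(url)
    finder.feed(body)
    return findings + finder.findings

# Constructed sample page, not taken from any real site.
SAMPLE_PAGE = """<html><body>
<a href="/news">News</a>
<a href="https://bank.example/login">Sign in</a>
<form action="https://bank.example/session" method="post">
<input name="user"><input name="pass" type="password"></form>
</body></html>"""

if __name__ == "__main__":
    for kind, target in audit_response("http://bank.example/", 200, {}, SAMPLE_PAGE):
        print(f"{kind}: cleartext page hands off to {target}")
```

Each finding marks a place where the switch to https is announced in cleartext, which is the point at which the link or redirect can be altered before the browser sees it.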