I have read excellent article about how httpS security model is really broken: https://queue.acm.org/detail.cfm?id=2673311
I highly recommend reading it, one of the best articles I read in recent years.
P.S. I know httpS is the best we currently have, but we need to know the problems it delivers.
Hope you like it.