Imagine if you discovered an exploit for TLS and just listened in on a public / hotel network to tons of Windows machines sending keystrokes, calendar, contacts, etc to Microsoft in the background... At least in the Windows 95 days you had to write the key logger yourself and get it installed somehow.
Exploits for popular SSL libraries are discovered all the time. Surely you haven't already forgotten about "heartbleed" and the vulnerabilities that followed. I'm sure the NSA knows of several other exploits that they are keeping quiet so they can keep using it, and they may even attempt to deliberately introduce vulnerabilities. Furthermore, even without an exploit TLS connections can be decrypted by anyone with a trusted CA private key that can issue certificates. Connections could be decrypted plausibly by privileged employees of ANY certificate authority, disgruntled government officials that can compel those CAs to turn over keys, etc.
I know you're just joking (and I even laughed) but it's worth pointing out that the scenario I describe is very realistic.
This is only true using a man-in-the-middle from the initiation of the connection. SSL/TLS sends random PKI keys at the start of a connection. The trusted CA keys are used only for identity (so you know you are really connected to xyz.com). After all, you can have SSL/TLS connections without a trusted CA. It basically works like this: When you make an SSL/TLS connection, each side generates a random keypair, whereafter each sends its public key to the other side. Using these public keys, each side sends a new random symmetric key back again to the other side, whereafter the actual data transmission begins.
