[url]http://news.cnet.com/8301-13578_3-57595202-38/feds-put-heat-on-web-firms-for-master-encryption-keys/[/url] tl;dr When you use HTTP, everything your browser sends over the network is unencrypted; it is plain text which anyone can read if they are monitoring the link. When you use HTTPS, your browser and the web server encrypts plain text into ciphertext so if anyone is watching, all they see is gibberish. To decrypt the gibberish back to something that's readable, they need the [[url=http://en.wikipedia.org/wiki/Public-key_cryptography]private[/url]] encryption key, which only the web server should have. If a third party, like the NSA or FBI, is able to get a copy of the key and is able to monitor the network, they can decrypt the data as well. Meaning, everything you transmit is now readable to them. Considering how much you rely on this technology, even unknowingly, this is something you should definitely be worried about.