In guarding against online fraud, we are cautioned to look for HTTPS and padlocks, indicators of secure sites. How do we know that the bad guys can’t arrange for those indicators to be displayed, thus defeating the whole intent? In other words, I need a brief explanation of where those come from and how sure we can be of them. Thanks.
— John Russell