While connected via an insecure VPN, I had once more left my email client (Thunderbird) open by accident. Though access to imap.gmail.com shall be secured by SSL/TLS, my Gmail password was malversated within a few seconds; i.e. I got a login attempt from Hong Kong and had to change the password after disconnecting. Is there anyone here who can explain the insecurity of SSL/TLS in its current state? Does Thunderbird support certificate pinning? Or do you think that there are still errors in the implementation of the protocol? What about LibreSSL for Linux?