If one (A) connects through a secure proxy (B), beit webbased or not, and you connect through that proxy to another secure website (C), is it possible for B to listen to and decipher the networktraffic?
Ah, my wording is off. Let me rephrase: couldn't B create two certificates acting as a well-known company such as Equifax and have both parties agree? Assuming that the parties don't know nearly as much about SSL certificates as we do, as it would be somewhat obvious to detect.