> Doesn't really matter where its hosted when most North American connections go through New York
Actually, it does matter. Https is end-to-end encryption. An eavesdropper in New York would have to crack SSL in order to see anything meaningful beyond the fact that you exchanged some data with hulbee.com .
If you used a CA certificate to sign a new SSL cert for any popular domain, it'd be detected by certificate fingerprinting and you'd burn the CA. Not worth it over public networks.
Actually, it does matter. Https is end-to-end encryption. An eavesdropper in New York would have to crack SSL in order to see anything meaningful beyond the fact that you exchanged some data with hulbee.com .