Thought this was going to be about password cracking, but instead turned out to be an interesting take on MITM vectors which bypass the password and piggyback on an existing session.
I would think that anyone with that level of access to compromise the channel would likely be able to just compromise the server itself?
Not so. The NSA smiley [1] showed that the smartest of attackers (or maybe the chinese are, but that's besides the point) are still (or were still, as of ~5 years ago) relying on passive MITM. It's far easier to exploit a passive vulnerability for a long time - Active exploits leave traces, give clues as to who you are. Passive exploits often leave the user without any idea that they are being snooped.
Mitm is often pretty easy, e.g. just arp spoof someone on the same network as you. Though if your target is on a different network, maybe not so simple. There's definitely a point where it probably makes more sense to try to attack the server than a well secured client; in general, hackers will aim for the weakest link (which I doubt will be your cookies not being channel bound)
> I would think that anyone with that level of access to compromise the channel would likely be able to just compromise the server itself?
That point is often brought up when discussing security, though personally I think non-maximally-effective attacks are also worth discussing - an attacker may have a reason to refrain from using full powers available for him. For instance, compromising the server immediately may lead to detection and subsequent mitigation of the attack, whereas just tapping a channel may remain undetected for long and let the attacker gather intelligence, select a particular target or perform some other, unexpected attack.
I would think that anyone with that level of access to compromise the channel would likely be able to just compromise the server itself?