
It's likely that they cannot trivially MITM SSL connections but for that to be true you're relying on a bunch of things which are not trivial to verify:

1. All of the apps and sites you care about are HTTPS-only and don't rely on, say, an HTTP-to-HTTPS redirect which can be bypassed.

2. The VPN client doesn't do something like configure a proxy.

3. Your OS, apps, and browser don't have exploitable bugs or weak software update mechanisms, or that the VPN provider or whoever compromised them isn't going to try exploiting them.

Obviously the third one is a relatively low probability since it's noisy but it's the kind of thing which would be hard to rule out since VPN providers have a market incentive to cut corners if they think it won't be noticed and by their nature it's easy to imagine a law-enforcement or intelligence agency thinking it'd be a good service to compromise to get access to a userbase which contains people who are trying to hide something of interest.
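As an added example (not part of the comment above), one way to check point 1 for a given site is to look at what its plain-HTTP and HTTPS responses say about HSTS, since a bare redirect travels in cleartext. The function names, verdict labels and sample responses below are assumptions made for illustration.

```python
PRELOAD_MIN_AGE = 31536000  # one year, the minimum hstspreload.org accepts

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797) into a dict."""
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip().strip('"')
        if name == "max-age" and arg.isdigit():
            policy["max_age"] = int(arg)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
    return policy

def downgrade_exposure(http_resp, https_resp):
    """Say when a visit that starts over http:// rests only on the redirect.

    Responses are dicts: {"status": int, "headers": {lowercase-name: value}}.
    An HSTS header on http_resp is ignored, as RFC 6797 requires of browsers.
    """
    location = http_resp["headers"].get("location", "")
    redirects = (http_resp["status"] in (301, 302, 307, 308)
                 and location.lower().startswith("https://"))
    if not redirects:
        return "no-https-redirect"      # content is served over plain HTTP
    hsts = https_resp["headers"].get("strict-transport-security")
    policy = parse_hsts(hsts) if hsts else {"max_age": None}
    if not policy["max_age"]:           # absent, unparsable, or max-age=0
        return "every-visit"            # nothing pins the browser to HTTPS
    if (policy["preload"] and policy["include_subdomains"]
            and policy["max_age"] >= PRELOAD_MIN_AGE):
        return "preload-eligible"       # covers the first visit once listed
    return "first-visit"                # pinned only after one clean HTTPS load

# Constructed sample responses (not captured from any real site).
REDIRECT = {"status": 301, "headers": {"location": "https://example.test/"}}
SAMPLES = {
    "redirect, no HSTS": (REDIRECT, {"status": 200, "headers": {}}),
    "redirect, short HSTS": (REDIRECT, {"status": 200, "headers": {
        "strict-transport-security": "max-age=86400"}}),
    "redirect, preload-ready": (REDIRECT, {"status": 200, "headers": {
        "strict-transport-security": "max-age=63072000; includeSubDomains; preload"}}),
    "plain HTTP site": ({"status": 200, "headers": {}}, {"status": 200, "headers": {}}),
}

if __name__ == "__main__":
    for label, (http_resp, https_resp) in SAMPLES.items():
        print(f"{label}: {downgrade_exposure(http_resp, https_resp)}")
```

A "preload-eligible" verdict only means the header meets the preload submission requirements; whether the domain is actually on a browser's preload list has to be checked separately.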



