
The attack you are talking about is completely trivial. It relies on you being too dumb to even care if you have a real certificate. The attack Sotirov et al. have discovered is extremely hard. It works even if you check certificates.



I think that was modoc's original point, in response to the 'stella' comment. SSL, even if vulnerable to Sotirov-level impersonation attacks, still protects from other idiot-level attacks.

So you might be tricked into setting up encrypted communication to one of the (small) N groups that have the knowledge/budget to do a Sotirov attack, but at least you still won't have identity details hijacked by (large) M others, because even broken cert-checking protects against them.


whew wipes brow

Exactly! I'm sorry I wasn't communicating clearly enough.


You were.



