Well, the certificate warnings have gotten pretty grave now, though I could imagine showing users an intermediate page telling them Microsoft has screwed up and you may get certificate warnings... which you should just ignore, trust us.

I was just thinking of hijacking DNS locally (i.e. when browser asks for yourbank.com, send them your IP), and making yourbank.com then redirect to yourbank.myfreehost.com -- which could have a legitimate SSL certificate and a copy of all the branding.

That seems more likely to succeed to me. I guess you could try BREACH if you have some high value target you know is using a very specific website. Anything bitcoin related: either the users themselves or admins. Robbing bitcoins is like robbing banks in the Wild West.