The latest revelation from the Guardian, however, directly touches that last attribute: the National Security Agency (USA NSA) and Government Communications Headquarters (UK GCHQ) are not only gathering encrypted traffic from the Internet, they are able to decrypt large portions of it either through brute force or (and this is the most worrisome part) deliberate weaknesses clandestinely introduced into encryption algorithms, i.e., back door attacks.
Some of you may say, well, planners gotta plan, soldiers gotta fight and codebreakers gotta break codes. But the possibility of back doors in common encryption methods is terrifying because who says they haven't yet been detected by criminals, or worse? Even if the NSA or GCHQ have the absolute best of intentions and are working entirely within their mandate -- discussions we're not going to have on this blog -- the best weapon of anyone looking to loot your bank account is to grab your authentication information over the connection you previously believed was ironclad. As quoted in the article, "[an] encrypted communications system with a lawful interception back door is far more likely to result in the catastrophic loss of communications confidentiality than a system that never has access to the unencrypted communications of its users."
Mozilla's leadership in security is clear; both Firefox and Chrome use NSS, which originated with Mozilla, for encryption and certificate management. I am confident that we'll see Firefox and thus TenFourFox evolve more robust encryption methods out of reach of present-day brute force computation and beyond the taint of the NSA or NIST. I am concerned about Classilla; evolving its encryption to a later version of NSS may be beyond the capabilities of CodeWarrior or Mozilla 1.3.1, and I don't believe it serves the community to continue evolving a product with a security issue I know I can't solve with the tools available. This is a situation we need to watch very carefully.