WEP is completely broken. Even if you do everything right, it's trivial for an attacker to access a WEP-protected network.
most of the time when a browser warns you that a certificate is bad there's nothing wrong
I've never had a false-positive browser warning. I assume you're complaining about Firefox's and Chrome's treatment of self-signed certificates, which is completely appropriate. Self-signed certificates should always be rejected, unless the user has manually added them to the keystore.
Users should not accept self-signed certificates. IMO, browsers shouldn't even offer them the option. If someone is smart enough to verify the certificate fingerprint, they can add it to their certificate store manually.
I disagree. SSL is meant to do 2 things: prove identity and provide encryption. Self-signed certificates do just the latter. While, yes, they might provide a false sense of security in that they can't prevent MITM attacks, at least you're not sending out data in the open.
Still, if protection from completely passive eavesdropping is all you care about, you can use anonymous Diffie-Hellman to negotiate an ephemeral key. The protocol supports it. Heck a lot of home-grown client software doesn't even check the name on the cert and ends up with effectively just that by accident.
Feel free to add your own self-signed exceptions. I find it useful myself.
But that's not what HTTPS is and it's not how web browsers work. By definition, the lock icon in the user's browser means that the server (as displayed in the URL) has been authenticated to the user.
