A sufficiently patient attacker can still eavesdrop on TLS sessions established via RSA or ECDHE today, wait for quantum computers to arrive (10+ years?), then break their public keys, and derive the symmetric keys used to encrypt the session from there.
