Most people aren't aware that the government does actually have 'global certificates' that the CA's are required to always respond to as valid specifically for MITM attacks.

However, HTTPS is for transport level encryption. You can encrypt the data specifically so that even if someone is able to decrypt at the transport level, they still have to decrypt the data itself.

Think of it this way.

A highway is a transport level. A vehicle is data. HTTPS is akin to the vehicle driving in a tunnel. Anyone outside the tunnel can't see into the vehicle. encryping the data is akin to tinting the windows of the vehicle. Even if someone is inside the tunnel, they still can't see into the vehicle.

The problem is, of course, that you have to communicate the keys to decrypt the data, and if you do that via the compromised transport layer, you're still no better off than you were.

To be truly secure in this manner, you need to have an 'out of band channel', meaning, some way to send them the key using a different mechanism than the compromised transport layer.

And this is where true security runs headlong into usability and convenience, and it's why most discussions on security also need to discuss the tradeoffs in terms of usability/convenience.

When people talk about secure, they really mean "secure enough for some use". If you can control both ends of the communication, being secure is a lot easier, but most communications have at least 1 end you don't control. At which point it becomes about who you trust.

Personally, I don't like the idea of the government being able to initiate a MITM attack on me at any time, OTOH, if I had to choose, I'd rather it be the government with some guarantees against random people, than the other way around.

PS This is also why you implicitly trust the network you're on when you don't encrypt the data and instead rely on transport level encryption. That coffee shop could very well be snooping on you via MITM, as could the company whose office you're in.