About this man in the middle thing - 

This is very frightening type of attack is that allows access to your outgoing and incoming data. The attacker can simply record it, or can actually intercept and change what you're downloading or uploading, all without your knowledge. 

HTTPS connections were not secure.  Think about the type of websites that are protected by HTTPS security - banks, health care, anything with personal information.  Now think about the bad guys that have a very good inroad to record or intercept all that stuff.

The biggest thing to me, is that we don't just look at this type of thing with the attitude that "oh, well.  Stuff like that happens on the internet".   I appreciate the discussion and hope there is more.  Lenovo knew about this and wanted to make an extra buck.  Some could say they didn't realize the severity of what this could lead to, but when you dig deeper, I don't buy that.