A bit late to this discussion and having only skimmed the past 20 or so responses after reading up to that point. There are a few points that should probably be made (or not, but I'm going to anyway :) ):
1. A man in the middle attack (MiTM) on a session works by the attacker pretending to be the server to the victim, and the victim to the server. It is effective only when the attacker can spoof identity. Therefore an MiTM attack on an SSL connection *can* happen when the victim cannot establish with certainty the identity of the server. This is exactly the effect of a client not verifying certificates correctly (as described in the article, and as caused by the 'goto fail' bug).
An MiTM attack also requires the attacker to be "between" the server and victim. For most of us, that is most easily accomplished in a public wifi space. For service providers and governments it's much easier to subvert connections within or between large network transit providers.
Choose your comfortable level of paranoia, but SSL is *not* a sure-fire protection against MiTM if you're not careful.
2. Shared password encrypted wifi networks: On all encrypted wifi networks, the bulk encryption is done via symmetric encryption (AES) with a shared (between client and provider endpoints) key. On all of those networks, the key is unique to each session so different users cannot decrypt one another's network traffic. This is true even on shared password networks, because the session encryption key is derived for each session in a manner that only the provider and user endpoints know what it is.
*However* on a shared password encrypted network, the password itself is used to verify the identity of the provider and client to one another. That means that while it's not practically possible to snoop on existing sessions, it *is* easily possible to effect an MiTM attack when a session is started by spoofing the provider (and it's pretty easy to force a session restart for those around you on a wifi network).
This is true for pretty much any service for which the sole barrier to entry is a shared secret.
3. On enterprise encrypted wifi networks (the ones where everyone has their own username and password), techniques similar to those used by SSL are employed to prevent MiTM attacks.
One final note: ARP spoofing (what Pirni can do) will often allow you to intercept network traffic (on your local wired segment, or on a wifi network), even encrypted traffic, but it does *not* automatically permit the *decryption* of that traffic.
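Point 1 above (a client that encrypts but never checks who it is talking to) is easiest to see as a configuration problem. The following is an added example, not code from the original post or from the article it replies to: it builds a correctly verifying TLS client context in Python's standard `ssl` module next to the broken kind, and an `audit_context` helper (a name chosen here, not a standard function) that flags the settings which would let an impostor server pass.

```python
import ssl


def strict_client_context() -> ssl.SSLContext:
    """Client context that checks the certificate chain AND the server name.

    create_default_context() loads the system trust store, sets
    verify_mode=CERT_REQUIRED and check_hostname=True. Without both,
    an attacker 'between' you and the server can present their own
    certificate and the connection still 'works', just not with the
    party you think.
    """
    return ssl.create_default_context()


def broken_client_context() -> ssl.SSLContext:
    """The 'goto fail' class of mistake: traffic is encrypted, but the
    peer's identity is never verified, so a MiTM can impersonate the
    server. Shown only so the audit below has something to catch.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # check_hostname must be disabled before verify_mode can be lowered.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list[str]:
    """Return a list of findings; an empty list means the context
    actually authenticates the server it connects to."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append(
            "verify_mode is not CERT_REQUIRED: any certificate, "
            "including one an attacker made up, is accepted"
        )
    if not ctx.check_hostname:
        findings.append(
            "check_hostname is False: a certificate that is valid "
            "for some other name is accepted"
        )
    return findings


if __name__ == "__main__":
    for name, ctx in (("strict", strict_client_context()),
                      ("broken", broken_client_context())):
        print(name, audit_context(ctx) or ["ok: server identity is verified"])
```

The audit is the useful half for a code reviewer: any library or script that hands out an `SSLContext` (or sets `verify=False` in a higher-level client) can be run through it, and a non-empty result means the "encrypted" session offers no protection against the MiTM described in point 1.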
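Point 2 (per-session keys on a shared-password network, with the password as the only proof of identity) can be made concrete with the WPA2-PSK key derivation from IEEE 802.11i. This is an added example, not code from the original post: `wpa2_pmk` is the standard PBKDF2 derivation of the Pairwise Master Key from passphrase and SSID, and `wpa2_ptk` is the standard PRF that turns the PMK plus the two MAC addresses and the two handshake nonces into the per-session Pairwise Transient Key. The MAC addresses and nonces below are constructed sample values; the passphrase/SSID pair "password"/"IEEE" is the spec's published test vector.

```python
import hashlib
import hmac
import os


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 32 bytes).

    Every station on a shared-password network computes the same PMK,
    which is why the passphrase is the only thing that 'authenticates'
    the access point to the client and vice versa.
    """
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def ieee80211_prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11i PRF-n: concatenated HMAC-SHA1(key, label || 0x00 || data || i)."""
    out = b""
    i = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def wpa2_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """Per-session PTK (64 bytes for CCMP/TKIP key expansion).

    The nonces are fresh for every 4-way handshake, so two sessions that
    share the same PMK still end up with different session keys. That is
    the reason one user cannot read another user's frames by default.
    """
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return ieee80211_prf(pmk, b"Pairwise key expansion", data, 64)


# Constructed sample addresses (not real devices).
AP_MAC = bytes.fromhex("020000000001")
STA_MAC = bytes.fromhex("020000000002")


def two_sessions(passphrase: str = "password", ssid: str = "IEEE") -> dict:
    """Derive the keys of two handshakes on the same network and show that
    the PMK is shared while the PTKs differ."""
    pmk = wpa2_pmk(passphrase, ssid)
    ptk1 = wpa2_ptk(pmk, AP_MAC, STA_MAC, os.urandom(32), os.urandom(32))
    ptk2 = wpa2_ptk(pmk, AP_MAC, STA_MAC, os.urandom(32), os.urandom(32))
    return {"pmk": pmk, "ptk_session_1": ptk1, "ptk_session_2": ptk2,
            "session_keys_differ": ptk1 != ptk2}


if __name__ == "__main__":
    r = two_sessions()
    print("PMK (same for everyone who knows the passphrase):", r["pmk"].hex())
    print("PTK session 1:", r["ptk_session_1"][:16].hex(), "...")
    print("PTK session 2:", r["ptk_session_2"][:16].hex(), "...")
    print("session keys differ:", r["session_keys_differ"])
```

The design point the post makes falls out of the two functions: nothing in `wpa2_ptk` proves which side generated a nonce, only that both sides hold the PMK, so on a network where many people share the passphrase the handshake proves membership, not identity. Enterprise (802.1X) networks give each user a separate PMK from their own credentials, which is the "techniques similar to SSL" part of point 3.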