Interesting read and not too surprising. Coming from an embedded systems background it can be amazingly difficult to get users to use security methods correctly. So there is a tendency to “cheat” and allow for things such as man-in-the-middle attacks. Of course some of this is just lazyness and possibly lack of funding (its hard to take security account for apps that are free or almost free).
http://www.theregister.co.uk/2012/10/21/android_app_ssl_vulnerability/