
The encryption is really quite good. It's actually very rare to have a problem with the crypto. Compromise of the trust network is much more common and is really the problem with today's crypto systems... read a bit about Superfish for a good newsworthy example of abuse of trust.

When reading the HTTPS gov doc -- it's very important to remember that the government runs its own CA.



Hmm, not sure if I totally agree.

Superfish was certainly a huge abuse of the trust network. However, if we look at other recent SSL vulnerabilities: Heartbleed, POODLE, FREAK - most of these are all dealing with flaws in the encryption (some directly, though most with the use of side-channel or other clever attacks).

We also know that the NSA is saving encrypted messages for mass decryption in the future. New technologies like Perfect Forward Secrecy (PFS) can help eliminate this issue. I think the fact that nearly 100% of servers were still allowing SSL 3 up until the POODLE attack a few months ago highlights how poor most SSL configurations are. Unlike the trust network, which has infrequent but serious breaches, the encryption side seems to be poorly implemented almost universally.

However, unlike Superfish, which we know affected thousands, a lot of these other SSL vulnerabilities are usually just PoCs...

A complex issue for sure.



