Phishing through Paypal servers

A cross site scripting flaw has been detected in paypal and has been exploited as well. read more
Excerpt --
A cross-site scripting flaw in the PayPal Web site allows a new phishing attack to masquerade as a genuine PayPal log-in page with a valid security certificate, according to security researchers.
It is scary to read that even the Security certificate could be compromised ??!!