Well one of them where in Germany. I think you will find there has been others. An as for the other people who are not preforming MiTM still can be doing bad stuff with your data, I mean any one can set up a server, and a sniffer on a pc all they have to do is leave it run an set some filters for interesting traffic such as stuff that is plain text comes from .gov or .mil. It could be a simple filter to grab all http traffic then session hijacking can be preformed with the cookies ( if they are still active ) also some sites send user / password credentials in plain text when logging in, or send in the cookies themselves, these can be grabbed as well. Hmm I have probably missed some stuff like but im sure you get the idea.