So because there are endless bad people who want to get your login details, it's not Apple's fault? Isn't the opposite true? Are you sure I'm the one on drugs?
There are very simple ways of defeating phishing, banks do an effective job of it why can't Apple?
----------
It's half assed because it's trivial to defeat. You can't delegate responsibility, even if you are "EV-certified."
----------
It works. It's simple. People understand it. Some tiny icon and the technical information it reveals is incomprehensible to most people.
As I said, half-assed. Apple was supposed to be "easy" yet they want people to understand how SSL certificates work?
Oh wise one. Please enlighten us how to defeat their trivial security.