It seems to me that, for example, PGP is much more vulnerable to legislation than SSL, simply because of the latter's popularity. Not that I think either are currently particularly likely to be legislated.