I'm not claiming that being in a position to MITM is super difficult, but in your given example it's unlikely that you'd be vulnerable since web browsers (outside of Chrome on Android) don't use OpenSSL. Additionally, there is a degree of sophistication required to attempt this attack that exceeds that of goto fail. So again, bad, but not as bad as goto fail.