Dinataspace replied at 2015-2-24 22:12
I don't think Mx not checking certificates. On my trial error with this url https://superfish.xmarks ...
Yes sometimes Maxthon does, that's what makes this so strange, but there are also sites where it appears it doesn't.
Including the test sites for SuperFish: https://filippo.io/Badfish/ & https://lastpass.com/superfish/
All other browsers work fine on those sites (including chrome/chromium/internet explorer, of which Maxthon uses it's engines), so apparently there is an issue somewhere in Maxthon.
Also when you go to https://nl.surveymonkey.com/ there is no lock icon to see if the certificate is being checked, whereas there is one on https://google.nl/ (using .nl because I get redirected see next point).
Strangely though when I enter https://www.google.com I get redirected to https://www.google.nl/?gfe_rd=cr&ei=AKHtVMDMKc-Y-AbMlYGAAg and I get no lock icon, if I then enter that url manually, the lock icon suddenly appears.
I'm not saying this is related or that it means there are no checks, but it does appear there are some issues with certificate checking.
As you pointed out, this could pose a serious security risk it's better to be safe than sorry.
Dismissing an issue like out of the box wouldn't be professional and I'm sure the guys from Maxthon won't do that.