Someone found issues with the SSL implementation not properly verifying SSL certificates.(Seems that most applications these days have that problem, or they don't even verify at all.) https://joeyh.name/blog/entry/electrum_ssl_vulnerabilities/
Several nice options for Electrum users. 100% TOR keeps lots under wraps. Absent that; locate a small number of electrum servers and make owner contacts confirming the cert fingerprint. Then confirm the print before conducting any operations on their server. Further; hide your private keys in a hardware wallet (best case scenario for an active user). I don't trust "green locks" in my browser in the least. I actually preferred when we had a good ole fashioned manual cert here. Just how it is for me. Tracing a wallet's activity is not that tough and many users continue to use the same wallet on tons of transactions. If major privacy is an issue you need to break the trail by "jumping" wallets and put a commercial tumbler in between the two. Very effective and pretty simple to do. Most legit users don't care about anonymity but simply being certain their private keys never get compromised. I suggest a hardware wallet if you are quite active. Virtually idiot proof in those cases.