Why do you say an SSL compromise necessarily means the attacker can manipulate the connection? And what about a promise between the SSL endpoint and the database?