I would also have to say that SSL is an industry standard, even by 
government and payment card processing standards. I have to keep an Ubuntu 
web server up to the latest PCI (payment card industry) tests since we 
process credit cards internally. The test runs quarterly and emails me a 
report of any vulnerabilities found. It has never found a problem with SSL 
(unless you are using an old version).

If there really is a program out there that can get past a properly 
configured HTTPS server, then the Internet as we know it would not exist. 
There would be no online banking, no government sites, no Amazon, no eBay, 
etc. Remember that Sony's PSN network was taken down because it wasn't using 
any security at all, and was running an unpatched version of Apache.

On another note, the only way to obfuscate the data would be to have an 
encryption implementation in JavaScript, and a matching version in Python to 
transmit the data over the wire. In this case, all a hacker would have to do 
is read your JavaScript code, which is just a "right-click -> view source" 
away. So you gain nothing by trying to obfuscate the data, which is exactly 
why HTTPS and SSL exist, because the security experts know that security is 
NOT obfuscation.
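
The point about client-side obfuscation, as an added example that is not part of the original message: a hypothetical repeating-key XOR scheme whose key ships in the page source, so anyone who can view the source decodes captured traffic exactly as the server does. The `KEY` variable, the `obfuscate()` routine and the sample payload are constructed assumptions.

```python
import base64
import re

# Constructed sample of what every visitor's browser downloads. KEY and
# obfuscate() are hypothetical names for a home-made client-side scheme.
PAGE_SOURCE = '''
<script>
var KEY = "s3cr3t-k3y";
function obfuscate(s) {
  var out = "";
  for (var i = 0; i < s.length; i++)
    out += String.fromCharCode(s.charCodeAt(i) ^ KEY.charCodeAt(i % KEY.length));
  return btoa(out);
}
</script>
'''


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; the same call encodes and decodes."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def client_encode(plaintext: str, key: bytes) -> str:
    """Python mirror of the JavaScript obfuscate() above (ASCII input)."""
    return base64.b64encode(xor_bytes(plaintext.encode("ascii"), key)).decode("ascii")


def server_decode(payload: str, key: bytes) -> str:
    """The 'matching version in Python' the server would run."""
    return xor_bytes(base64.b64decode(payload), key).decode("ascii")


def key_from_page(source: str) -> bytes:
    """What 'view source' gives anyone: the key, read straight from the page."""
    match = re.search(r'var KEY = "([^"]*)"', source)
    if match is None:
        raise ValueError("no KEY assignment found in page source")
    return match.group(1).encode("ascii")


def observer_decode(captured: str, source: str) -> str:
    """An on-path observer needs only the public page plus the captured body."""
    return server_decode(captured, key_from_page(source))


if __name__ == "__main__":
    wire = client_encode("card=0000000000000000", b"s3cr3t-k3y")  # constructed
    print(wire, "->", observer_decode(wire, PAGE_SOURCE))
```

With TLS the session keys are negotiated per connection and never appear in anything the page serves, which is the property the home-made scheme cannot provide.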
