foxtrottbravo | 4 years ago
Cert pinning and CT will go a long way, but do you know that all your software components (not only your web browser) use these effectively?
What about credential snagging with tools like Responder? Maybe your client will freely send a set of credentials down the line because of corporate shenanigans.
Depending on the protocol used, it might be trivial for a MITM to prevent a secure connection altogether and transparently downgrade your connection to a less secure method (i.e. filtering STARTTLS).
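The STARTTLS point above comes down to client policy: an opportunistic client keeps going in plaintext when the EHLO reply no longer lists STARTTLS, while a fail-closed client aborts. The following is an added illustration, not part of the comment; the EHLO replies are constructed sample strings, and the hostnames in them are placeholders.

```python
"""Fail-closed vs opportunistic STARTTLS handling at the SMTP EHLO step.

The client must decide before it sends any credentials or mail data.
If a middlebox removes the STARTTLS capability from the EHLO reply,
an opportunistic client silently continues without TLS; a client that
requires TLS refuses the plaintext session instead.
"""
import re
from dataclasses import dataclass


@dataclass
class Decision:
    action: str   # "starttls", "plaintext" or "abort"
    reason: str


def parse_ehlo(response: str) -> set[str]:
    """Return the extension keywords from a multi-line 250 EHLO reply.

    Continuation lines look like '250-STARTTLS' or '250 SIZE 35882577';
    the keyword is the first token after the reply code. The first line
    (the server's domain greeting) carries no extension and is skipped.
    """
    exts: set[str] = set()
    for line in response.strip().splitlines()[1:]:
        m = re.match(r"^250[ -](\S+)", line)
        if m:
            exts.add(m.group(1).upper())
    return exts


def decide(response: str, require_tls: bool) -> Decision:
    """Apply the client policy to an EHLO reply."""
    if "STARTTLS" in parse_ehlo(response):
        return Decision("starttls", "server advertised STARTTLS")
    if require_tls:
        return Decision("abort", "STARTTLS not offered; refusing plaintext session")
    return Decision("plaintext", "opportunistic mode: continuing without TLS")


# Constructed sample replies: one complete, one with STARTTLS missing.
HONEST_EHLO = ("250-mail.example.test Hello\r\n250-SIZE 35882577\r\n"
               "250-STARTTLS\r\n250 HELP\r\n")
STRIPPED_EHLO = "250-mail.example.test Hello\r\n250-SIZE 35882577\r\n250 HELP\r\n"

if __name__ == "__main__":
    for name, reply in (("honest", HONEST_EHLO), ("stripped", STRIPPED_EHLO)):
        for policy in (False, True):
            d = decide(reply, require_tls=policy)
            print(f"{name:8} require_tls={policy!s:5} -> {d.action}: {d.reason}")
```

Python's own `smtplib.SMTP.starttls()` behaves like the fail-closed branch (it raises `SMTPNotSupportedError` when the extension is not advertised); the downgrade only succeeds when code catches that error and carries on in plaintext.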