You mentioned man-in-the-middle attacks as an example of how client-side encryption can protect a users data.

Doesn't SSL already protect against this kind of attack?

Namely, I thought SSL guaranteed the authenticity of whoever you are communicating with. Is this not the case?