The injection of scripts by ISPs part was the most interesting. Good example why (authenticated) encryption is important.
I agree! That was unexpected