If a site is using SSL / TLS ciphers of less than 128 bits then it may be possible for an attacker in a position to actively manipulate network traffic to perform a "cipher downgrade" attack, in which an SSL session is forced to use a weaker encryption algorithm than would otherwise be selected. Ciphers of 56 bits or less can easily be deciphered with modern computing power and they should be avoided for a production setup.
To check the cipher strength of a site -
https://www.ssllabs.com/ssltest/index.html