I also do not think it is likely the recent DigiNotar or Globalsign break ins have produced SSL certs to attack mtgox with (which WOULD explain this) because mtgox uses EV certs and as far as I know none of the fake certs were for EV, but DigiNotar and Globalsign both DO issue EV certs. Although I am not ruling this out.
Forging a SSL cert only enables the possibility of a man-in-the-middle attack from being transparently obvious when it's no longer signed properly. However, you still have to accept the change in certificate for the forged-SSL MIM attack to work. Did you log in to MtGox from strange internet connections in shady places? Or did MtGox get their DNS forged as well?