The two best solutions would be to always check the SSL certificate right before the URL or by always running the wallet locally from the source code.
To be fair, there was apparently a security warning, and users ignored it. Few people seem to be aware of what SSL certificates are for, sadly.
But yeah, for newbies, the internet is a very dangerous place, and you should never ignore warnings even if you're absolutely sure you're on the correct URL. It was a DNS poisoning attack, which could happen to
any site. If there's a certificate problem and you don't know how to deal with it, walk away.