As Google and Yahoo will tell you after they found out the US government broke into their dedicated lines between data centers... No. It must be encrypted at every transfer without exception.
There's a huge difference between passively tapping a fiber optic cable and infiltrating a network to inject malicious traffic. All we've ever seen evidence of is NSA's passive tapping of Google & others.
We know the NSA targets routers. They have rootkits and remote exploits for them. They can do packet injection or anything else with the traffic passing through routers they take over.
Wouldn't you want to prevent "passive" tapping? Passive in quotes because depending on what they find people will be killed, tortured, executed, kidnapped, arrested, etc. It's not passive when the NSA scoops up everyone's data and sends it to their spook friends around the world.
