Why Android SSL was downgraded from AES256-SHA to RC4-MD5 in late 2010

Whoa, what an article! If you consider IT security your thing you have to read the following blog post over at:

http://op-co.de/blog/posts/android_ssl_downgrade/

The author essentially found out that since Android 2.3.4 Google has changed the default cipher suite list to favor the (unsecure) RC4-MD5 first instead of RSA-SHA256.