Short version: Brute force decryption will take forever. More attackable flaws exist, but they’re generally not a big deal. In day-to-day usage, HTTPS via a recent version of TLS is generally considered “safe enough”, to the point that it enables the vast majority of online commerce.
Nonetheless, there are many other methods by which your information can be stolen. You should exercise good online hygiene with respect to spyware, viruses, phishing sites, etc. And only deal with reputable, established organizations that would conceivably have good security practices in place on their end.
And sign up for a credit monitoring thing 
ETA: Third-party tax software, on the other hand, is more of an unknown as compared to browsers whose security features are tested daily by millions, attacked by hundreds, and reported by dozens. Still, one would hope they implement strong security practices…
Long version:
[spoiler]The answer’s complicated because there are different ways people could potentially steal your information.
- When you visit a secure site that uses HTTPS instead of HTTP (alternatively indicated by a padlock, a different-colored address bar background, etc.), the information you send is encrypted before being sent over the Internet. This encryption is usually considered too difficult to crack by today’s computers via brute-force approaches. I’ll leave the math to someone who understands it better, but Wikipedia seems to suggest that the universe will be old and gray by the time it succeeds.
(Bad analogy time: This is like you trying to decode a foreign-language conversation between Robert and Allison, without any guidance whatsoever, by blindly guessing the meaning of their sentences out of a possible 100 trillion trillion trillion combinations.)
- Browsers occasionally suffer from implementational flaws that may theoretically weaken their encryption methods, but those concerns have thus far been more academic than practical. Despite occasional bugs, the encryption provided by modern browsers is generally considered “safe enough” by the vast majority of people and companies – to the point that many (if not most) American banks are willing to subsidize online fraud as a cost of doing business and do not hold their customers liable for unauthorized online transactions (or, alternatively, hold them liable for only $50 max).
(Analogy: You discover that certain sounds are constantly repeated in their conversation and you manage to map out some vowels and simple words like “I”. This makes it somewhat possible to start to decode their conversation, but it still isn’t trivial.)
- A rare, but not unheard-of, situation is where a company’s website and/or internal servers get hacked after you’ve submitted the data to them. Attackers then have free access to the information, which may or may not remain encrypted.
(Analogy: You follow Robert home and steal his diary, in which he recorded the day’s conversations in plain English.)
- Similar to the above, sometimes you can simply weasel your way into a situation, “hacking” or social engineering the people instead of their computers.
(Analogy: You follow Robert home, pretend to be a new neighbor, get friendly with him and ask him all about Allison.)
- Phishers can make fake websites and get unsuspecting people to simply hand over their information.
(Analogy: You dress up like beautiful Allison and whisper sweet nothings to Robert until he tells you everything you want to know.)
- Spyware and viruses can record everything you type before it ever gets encrypted.
(Analogy: You sneak into Robert’s home and plant bugs everywhere and listen from outside. He speaks in plain English at home and you can hear everything he says.)
Outside the browser, such as with special tax software, it really depends on how the programs were written. If the programmers were smart, they’d use similar security methods as the browser (or perhaps even use the browser itself behind-the-scenes). I imagine any banking and tax apps from reputable vendors would have security as a pretty high concern. If you want to test them for yourself, a tool like Wireshark will let you see all the data going through your Internet connection.
In summary, I wouldn’t worry about #1, but I probably would about the other things.
[/spoiler]