They actually have the most reasonable business model, as they only charge you for services where human interaction is required (fe checking your credentials or adding your certificate to the revocation list), anything else like signing your certificate is free.
Note that StartSSL certificates are only free for "non-commercial" use, where "non-commercial" is not a clearly defined term, e.g. if you domain name contains businessy terms , such as "sell", they will refuse to issue a free cert.
I tried to setup some a SSL cert through StartSSL and hit the paywall when I wanted to create a cert for a sub domain. The fees to get class 2 verification cost more than buying a basic SSL elsewhere.