by superuser2 3794 days ago
Yes it must, because self-signed certs offer no defense against MITM.

To be more precise, they offer no defense against MITM on first visit. Once I've pinned a particular self-signed cert for a particular site, I'll be quite suspicious if that cert ever changes.
Okay, but that only helps the tiny subset of HNers who are manually pinning certs for a random website.

Further, real world MITMs are ad injection at the device (Lenovo Superfish) or ISP level, so they are persistent.