Just a wild guess, but if there are non secure assets in the page, this would result in a browser warning, arguably more suspicious looking than this for average users.
As a quick and dirty workaround they may have done this?
Interestingly, some of the subdomains like https://www.budget.senate.gov/ use the same certificate and do allow you to load their pages with mixed sources. If this was the idea, it was done fairly shoddy.. more than a few sites in the 'Alternative Name' field will still load.