Hacker News
by konklone 4647 days ago
I think the main catch here is that they're only willing to issue level 1 certs to individuals. For commercial endeavors, they make you pay money, and then they also have you send in proof of identity and stuff, and manually review your documents. I don't think there's a practical difference in security level, but I'm not an expert in this (which is why I don't address this aspect in my guide).
1 comments

Unless I've misunderstood their policy, they also forbid individuals using Class 1 certificates commercially. For example, if you run a blog with "Support my blog! Buy my T-shirt swag from swag-selling-site.com[link]!" then your blog is commercial (per legal definition of commercial; IANAL); thus StartCom's policy forbids you to use their free certificate for that site.

The first sentence and a half of this paragraph[1] from https://startssl.com/policy.pdf expressly forbid it. Its final "when" clause might be trying to limit what is forbidden, but, grammatically, it has no power to restrict the first sentence, and doesn't properly restrict the second sentence either.

[1] "Class 1 certificates are limited to client and server certificates, whereas the later is restricted in its usage for non-commercial purpose only. Subscribers MUST upgrade to Class 2 or higher level for any domain and site of commercial nature, when using high-profile brands and names or if involved in obtaining or relaying sensitive information such as health records, financial details, personal information etc."

(Naturally, I hope I've misunderstood their policy.)