That is a critical security flaw in Chrome (and your toy OS there with the fancy graphics).
Arguing that someone else made a mistake which renders your mistake unimportant under some circumstances is neither excuse nor justification, in particular not for continuing to make that mistake.
toy OS? Honestly, grow up. The default in OSX is best effort. Its easy enough to change to require looking at revocations or fail the connection.
Anyone that cares about security is going to be looking at what their software does and ensure its configured securely. Not posting on hacker news about a "toy OS there with the fancy graphics" like a ninny.
Arguing that someone else made a mistake which renders your mistake unimportant under some circumstances is neither excuse nor justification, in particular not for continuing to make that mistake.