...and the fact that it kind of suggests that you might not want to trust a Linux distro to get security right on your boxes if they are unable to fix their SSL certs after 3 days.
With regards package updates, when Arch started publishing security update announcements Manjaro could start pushing those out faster. Delayed updates of other upstream packages is not really an issue (e.g. Ubuntu and CentOS have many packages that are not in sync with upstream).
It appears they're not learning.