by creshal 4084 days ago
> I never understood how that matters, though.

It will matter if StartCom is abused to print certificates for foreign domains. Even if your domain isn't targeted, browsers and OS vendors will probably react by invalidating all StartCom CA certs. That means no green bar.

Has this ever happened before? I'm genuinely curious, as I've heard this warning often but it seems more like FUD than anything else.
Google just removed CNNIC as a trusted CA from Chrome because of their sloppy security and trust.
CNNIC had provided "unauthorized digital certificates for several Google domains" and in an update on April 1st Google said that "To assist customers affected by this decision, for a limited time we will allow CNNIC’s existing certificates to continue to be marked as trusted in Chrome, through the use of a publicly disclosed whitelist" - http://googleonlinesecurity.blogspot.ro/2015/03/maintaining-...

So, I doubt they would treat StartSSL any worse than they treated China.