The hardest part of PKI is omitted completely in the article: how to deal with revocations (CRLs, OCSP and such). Hope that's not because they "forgot" to do that in their actual infrastructure.
With an online certificate issuance service like the one they describe, certificate expiration times can probably be in the 1-24 hour range, reducing the importance of revocation.