Not just a foible
"Such slip-ups are generally best considered as minor foibles."
An expired or "untrusted" cert might very well preclude use of a web site. A browser or OS SSL stack can easily be configured to not accept such certificates. A Microsoft IE7 browser configured to US NIST FDCC settings is one example; a OLPC system is another.
"...it's only fair to expect them to provide positive confirmation of their identity online..."
It is not positive confirmation of identity; it is simply one's SSL stack not complaining about the certificate signatory.
Biting the hand that feeds IT
