There are two major issues involved in this problem, and neither one is human attention span - so please stop fantasizing about randomly decorating my security dialogs RIGHT NOW, thankyouverymuch.
First, it's that there isn't so much "a" ratio of false positives, but rather that the ratio of false positives is 100% (and when it isn't, it's 99.99%). Your experience may be different, but I don't ever remember seeing a a security warning of any kind that notified me of an actual, present, confirmed, real threat. They are always of the "security is not guaranteed to be secure" variety, not so much detecting a threat but rather making sure they cover their own asses complaining that it cannot be guaranteed that there isn't one. Well whoopty-doo, cry me a river - no fucking thing in real life is ever guaranteed! I'd love to live in a perfect world where certainties are always absolute, but out here in the real world things are almost always messy, and deflecting any potential responsibility whenever something might be unsafe (except it never actually causes any issues) onto me then expecting me to treat all that whining with my full attention every single damn time is Not Good Enough. Crying wolf incessantly is NOT a "security solution".
Second, there is zero point in nagging me about things I cannot do a single damned thing about. If a website's certificate expires, can I fix it? NO! How about them using a cert for another one of their domains than it was issued for? NO! Maybe a broken auth chain due to a cert authority with dodgy practices suddenly being rejected wholesale...? NO! All I can do is abort the action completely, and that's not an actual option. EVER. In a home setting, the task at hand always, always, always far outweighs in priority any nebulous "potential threat". EVEN IF there actually IS a problem (there isn't), the practical consequences for the user are almost certainly zero (unless you catch a crypto-nastie - that's a special case) - so John Smith won't care about hosting a botnet as it will not impact him at all; on the other hand, John Smith will definitely care about not being able to get on Amazon or Ebay to order what he wants - keeping him "secure" while preventing the main task is like making sure a newborn stays impeccably sterile by keeping it in formaldehyde.
And I'm saying the above as someone who often causes consternation with his outlandishly paranoid stance on security and privacy. I simply have to recognize that current "security" warnings are only ever a nuisance to me and never of any actual help, use or value in actually dealing with whatever's "suspicious" this time. I may decide I want to put in place any number of extra security measures simply because I'm paranoid or I may not, and they might actually protect me from something or they might not; but none of that will happen merely because a "security warning" popped up - there's only one thing I can do about that when it happens: cancel the dialog and continue about my business.