TLS certificates pointing to localhost
On a similar subject, there have been recent discussions about vendors running HTTPS servers on the local system, creating TLS certificates which point to "localhost", then embedding the private key for the certificate in the locally installed software.
Here's a discussion thread which mentions Blizzard and which was prompted by a tweet from Tavis Ormandy, who is also responsible for disclosing the other vulnerability.
What's happening here: The software battle.net by Blizzard has a domain localbattle.net that points to localhost, allowing the software to serve content there. The content is served via HTTPS with a valid cert, making it obvious that the private key is part of the software.
A couple more: here and here
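A defender-side check for the pattern described above, as an added example that is not from the original post or the linked threads: given hostnames taken from your own certificate inventory, it reports those whose DNS answers are loopback addresses. A trusted certificate for such a name implies that its private key ships with the client software. The hostnames, DNS answers and the `sample_resolver` helper are constructed so the example runs offline.

```python
import ipaddress
import socket

def is_loopback(addr):
    """True for 127.0.0.0/8, ::1 and IPv4-mapped forms such as ::ffff:127.0.0.1."""
    ip = ipaddress.ip_address(addr)
    mapped = getattr(ip, "ipv4_mapped", None)  # only set on IPv4-mapped IPv6
    if mapped is not None:
        ip = mapped
    return ip.is_loopback

def system_resolver(name):
    """Resolve via the OS resolver; returns the unique A/AAAA answers."""
    infos = socket.getaddrinfo(name, 443, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def find_loopback_names(cert_names, resolve=system_resolver):
    """Map each certificate name to the loopback addresses it resolves to."""
    findings = {}
    for name in cert_names:
        if name.startswith("*."):
            continue  # a wildcard entry has no single DNS answer to check
        try:
            addrs = resolve(name)
        except OSError:  # socket.gaierror (NXDOMAIN etc.) is an OSError
            continue
        hits = [a for a in addrs if is_loopback(a)]
        if hits:
            findings[name] = hits
    return findings

# Constructed sample: names as they might appear in a certificate inventory,
# with constructed DNS answers (assumption, not real records).
SAMPLE_DNS = {
    "www.vendor.example": ["203.0.113.10"],
    "local.vendor.example": ["127.0.0.1"],
    "agent.vendor.example": ["::1", "::ffff:127.0.0.1"],
    "cdn.vendor.example": ["198.51.100.7", "2001:db8::7"],
}

def sample_resolver(name):
    """Hypothetical offline resolver backed by SAMPLE_DNS."""
    if name not in SAMPLE_DNS:
        raise OSError("no such host (constructed)")
    return SAMPLE_DNS[name]

if __name__ == "__main__":
    names = list(SAMPLE_DNS) + ["*.vendor.example", "gone.vendor.example"]
    for name, addrs in find_loopback_names(names, sample_resolver).items():
        print(f"{name} -> {addrs}: a trusted cert here means the key is on the client")
```

Calling `find_loopback_names(names)` without the second argument uses the operating system's resolver instead of the constructed table.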