[miklb]if someone distributes a self-signed cert for local dev on https, and someone were to put that cert on a site with malicious code, and I’ve authorized it locally in my browser, then navigate to malicious site, my browser would accept the cert, yes?
