http://news.softpedia.com/news/flaw...-ssl-certificates-for-any-domain-505977.shtml StartEncrypt contains design and implementation flaws According to CompuTest, this validation process is flawed, and through a few tricks, it allows server owners to receive SSL certificates issued for other domains, such as Facebook, Google, Dropbox, etc., which can be sold on the black market or used in man-in-the-middle attacks.