And still not handling self-signed certificates well
I mean if you have certificate pinning, self-signed certificates are about as secure as official ones. Sure if an attacker can spoof the connection every time you have a problem, but then you don't get the problem of false certificates issued by rogue CAs.