Fake facts
Having the signing cert in this case an issuer which effectively only signs in the public key of the s server certificate does not and can not compromise the client/server connection security. That just a dump fear mongering. You can argue that man in the middle is possible but only if the browser collaborates with the issuing entity to trust the fake issuer which in turn also could present a fake server certificate. Otherwise how in the hell you will come up with the private key just by being certificate issuer? If you say that the issuer could just generate also the server cert then does not also need to spoof DNS as well. At the end why is not trustible a cert signed by private company and not by govs or public institutions?
Biting the hand that feeds IT
