I hate the way certificates are handled today... They basically put a gun to your head and demand money in order to establish an SSL connection.
I know, man-in-the-middle attacks! Well sorry but can we not have an encrypted connection without protection against man-in-the-middle attacks? Why is it every other protocol has support for basic SSL encryption without certificate verification except HTTP?
Internet Explorer's implementation is annoying, WebClient and Firefox's implementations are a pain in the *.