Clever solution! The author keeps emphasizing how hacky and what a terrible idea this is, but it's really not, provided they trust their own infrastructure. This is exactly how SSL decryption in corporate environments works as well - MITM traffic using a cert issued by your own CA.
I think I was more bracing myself for a deluge of disapproving comments, so just wanted to make sure to emphasise I know the drawbacks of the approach and understand the risks etc :)
I thought it was odd you kept calling it "bad" and "awful". It's exactly as secure as any other certificate on the web. Arguably more, as you're aware of any access to the keys. The only differentiation is a commercial interest, nothing "bad" at all.