The implications of this are huge. Any network traffic, including iMessage, Mail and more gets proxied through this service. Users don't know how much they're opening up to a company that they really have no reason to trust.
I think they can revoke a certificate, but I don't think these certs need to be signed by Apple to be effective. If they aren't, they probably just show a warning.
