I have a hard time being sympathetic to this - domains and certificates are very inexpensive these days. The bigger concern I have is that use of a common certificate, which doesn't cause browser warnings, gives people the impression of security when actually there is none. Maybe Chrome generating SHA1 warnings will help people understand that this certificate is not safe to be using.
Once this latest certificate expires (unfortunately not until 2017) I think we're going to move to a model where each controller generates a self-signed certificate. Using a public certificate where the private key is known to everyone is ultimately a disservice to our customers, and we probably shouldn't have started doing it way back in the day. Had I known...