We both must be misunderstanding, because those first two points are blatantly false as far as I can tell. Selenium can handle(?) invalid SSL certs but the defaults certainly don't freely accept them.

As for the third point.. That's why we have DMZ's..