I certainly wouldn’t trust myself. Now if I could import a root cert and specify what domains to trust that would be another thing, and it seems browsers are starting to pay attention to name constraints which has not taken 20 odd years.

I’d rather be able to further constraint at the cert store though.