Just to clarify: there is not 1 root certificate for all of the TinyCert generated certificates. There are root certificates for every single account. I did this intentionally to ensure that nobody would be careless enough to trust such a root and thus implicitly trust every TinyCert certificate everywhere. Basically, only the people who created their own CA through TinyCert have any business installing their root certificates (and only theirs!) into their browsers.