+1 Bounty aside, this deserves attention. I wouldn't want to award bounties for MitM either if I made it so easy. They closed the issue as 'out of scope'... with no mention of follow-up (or even the bounty we don't care about).

I'm skeptical to say the least. Industry standard has been to ignore MitM or certificates/signatures, not everything.