I work at Google and regularly bypass HTTPS certificate errors as part of my job for the purpose of developing servers. Either by clicking through the error, or with the "thisisunsafe" codeword, or with --ignore-certificate-errors . I pretty much only do this in incognito windows or alternate Chrome profiles, to avoid risk of leaking valid credentials.

Yeah I was being a bit snarky. I didn't mean to imply that mainstream browsers are anywhere near phasing that ability out (at least yet). However consider Firefox policies regarding extension signing (specifically code review), or major mobile platform policies regarding user access to app data. Or a certain Google policy regarding add blockers, err sorry I mean protecting user data from malicious extensions. I think there's a pretty clear theme that the end user is to be regarded as an adversary and his behavior controlled.