SSL cert vendors should never have your private key, and I've never seen one that needed it. They only sign you public key when you generate a certificate signing request.
NASA officially calls it "Human Space Program", it is in their writing styleguide and has been for awhile.
Manned Space Program vs. Human Space Program:
All references referring to the space program should be non-gender specific (e.g. human, piloted, un-piloted, robotic). The exception to the rule is when referring to the Manned Spacecraft Center, the predecessor to the Johnson Space Center in Houston, or any other official program name or title that included "manned" (e.g. Associate Administrator for Manned Spaceflight).
Initscripts don't break because package maintainers put a lot of effort in to maintaining them for a given distro. Unit-files are much cleaner, can be maintained upstream and shared by many distros. Freeing up package maintainers to work on other things.
This is likely a large reason why all the major distro's bandwagoned on to systemd, and people don't seem to realize how much man power went in to maintaining the init system by packages that use it. No need to do process tracking, pid files, run lock files, restart on crash, proper daemonizing, run level checking, dependency checking in every script which is 80% of the boilerplate in most scripts.
I was using Arch Linux as both server and workstation when the systemd transition hit. I will admit, at first it was rather confusing, but I learned about it and now I can see why Arch switched. Declarative service configuration makes a lot of sense and the unit files that replaced the init.d scripts are easier to understand and tweak (honestly the init.d scripts had about 80% of the same boilerplate in them anyway). It's also easier for package maintainer to take a unit-file from upstream than customize a init script.
I don't think its a matter of taking your choice away, it is more of the package maintainers don't want to maintain init scripts when they can use unit-files. More generally they don't want the added work of maintaining packages for both sysvinit and systemd
Some of this likely decision making by individual distros. If you do a base install with Arch Linux you'll get systemd and some other userland utils but not much else, and most of systemd-*d services will not be enabled by default which I discovered when my network didn't come up on first boot like I expected.
Personally I'm waiting to see if CentOS 7 will do a 'minimal' install spin like they did with 6.
Anything that can be represented as a block device can added to a zpool. This also includes files which is handy when your trying to understand complicated interactions you can mock up a small zpool based on files instead of devices for testing.
On the otherside of the abstraction ZFS can also expose block devices called zvols that will be backed by the zpool. So if you wanted to run a dmcrypted EXT4 filesystem backed by a zpool you can certain do that using a zvol and still get all the benefits of ZFS integrity protection and snapshoting.
Plenty of layering can be done with ZFS.