Passport scan to get a free certificate?
I've been using StartSSL for years, for a number of certificates - all they verify for the free cert is that I can click on a link sent to the postmaster address for the relevant domain...
If you want anything other than basic class-1 certificates for a single hostname there's a cost, and a more involved process; but that process is similar regardless of who does your identity verification.
If you want free class-1 certificates, there is no additional cost, and no super-secret documentation to send around.
I have no experience with StartCom's organisation verification process. However, for domain-verified class-1 certificates for individual hosts, they offer a free, immediate, trouble-free process which involves no more than clicking a link in my email.