Unfortunately, although you do point out the benefits of having even a self-signed cert, the average user is going to go the page see something that looks like either an error or a "you are being hacked!" message, depending on how much they read and how much they know (particularly if they're using firefox). That's the point when the average person is going to hit back or go to a different site completely.

In short, until browsers change their behaviour when confronted by a self-signed cert they will never gain widespread acceptance and use with a non-technical crowd.

Actually, of several places where this information was posted, the ONLY place that mentioned limited numbers was the forum. Every other source, including their own frontpage and the actual product listing, made no mention of the limited number, only the limited time. Seeing no mention of limited quantity on their own store would obviously lead me to searching their forums to see if it was limited.

Please try to know a little more about what you're talking about next time, before you make snarky comments on /.

It should be noted that the "Please-Trust-Us-Not-To-Steal-All-Your-Personal-Data-That-Is-Being-Proxied-And-Modified-By-Our Servers-Including-HTTPS-Traffic" system is designed to save battery life by doing encryption on RIM servers instead of the device. It should be further noted that this is an option that can be disabled so that people who it makes uncomfortable (like you) can have it performed on their device. Seems like FUD to me.

I'd characterize that as largely true with one notable exception - the second DLC pack (The Pitt) offered a pretty ambiguous moral choice that didn't result in positive or negative karma for either of the two main possible outcomes. The choice was definitely not clear-cut, and contained lots of room for interpretation as to what the morally "better" choice was. I have been sitting and working on programming while watching a friend play that content for the first time, and he sat in the pause screen for a good ten minutes thinking about all of the outcomes. Even after he had decided, he felt guilty about the choice he made. Upon discussion, he said he also would have felt guilty but for different reasons for the other choice. You're largely right, but not categorically so.

Ok, but it's difficult to download a distribution of check a checksum with *no* connection.

The point I was trying to make was that saying "use SSL" isn't necessarily a solution in all cases, and in certain cases might even be just as likely to result in a modified or crippled version of the distribution.