Thank you very much for the ssl server check! I've found it to be very helpful.
I think it would be appropriate to include the cacert root among the known root certs, so that sites like this one would be scored appropriate by the server check: https://zooko.com . I'm aware that cacert isn't perfect, but I've recently been noticing that a lot of the other roots -- ones that your service does count as legitimate roots -- are even more imperfect. ;-)