These days the web is more and more going to https (with google pushing a lot). The Website of claws-mail and also the bugtracker are only available with a self-signed certificate. I think there should be a way to log into the bug tracker with a valid certificate. It is possible today to get certificates for free (startssl) that are accepted in all mainstream browsers so I think there's no need to use self-signed certs.
I see you are a fan of illusion of security. That's all you're really getting with "official" certificate authorities.
I'm well aware of the problems of certificate authorities, however it's a reality that they are the only usable system out there. If you're looking for something improved you could consider adding a HTTP Public Key Pinning Header. However, I would mainly welcome a "valid" cert for convenience.
*** Bug 3723 has been marked as a duplicate of this bug. ***
*** Bug 3962 has been marked as a duplicate of this bug. ***