That's true. I hope with proper sandboxing Microsoft will allow self signed certs for such apps. I can understand the risk when an application can access literally everything of the user's, but the level of trust needed for sandboxed apps is less.