Well it means that you can MITM a user and they won't know the difference (an expired cert is an expired cert, whether it's self-signed or not, the user clicks through anyway). It also means nobody is doing the regular maintenance to rotate keys and do upgrades/patches/etc.