I don't think certificates are necessary here: we could permit any https without any certificate checking, and still have an improvement, with no additional dangers over using http. For example, you would remain vulnerable to DNS spoofing or man-in-the-middle problems, but you would not be subject to the exposure of secret information in packages. (There are plenty of cases where a link is sniffable but not pwnable.)