I get endless root certificates installed which Keychain says are bogus. Why do they find their way into my root certificate stores if they're bogus? Isn't the point of the store to - not - allow that? nb. some of these certificates are installed with a clean install of Lion.