I would rather use my own self-signed cert for personal usage. If you want people to "trust" your website
you will have to have a cert signed by some "trusted" company.
We run our XMPP server and our IronChat on a private server that is only accessible to
members, so there is no need for a signed cert from a so-called "trusted" entity.
Eavesdropping on SSL traffic is something almost every government agency is doing these days
and I would not be surprised if 128-bit SSL has already been cracked. Computing power is
multiplying almost every year and quantum computing is looking around the corner.
SSL traffic that is stored now can be accessed later... that is why I advise people not only to use 1024-bit
private keys but also to use OTR for all their business communication.
I would recommend that Manuel Laumb read this article: