not really completely true, but close.
site won't break, and yes you will have to click through, but we're all susceptible to a man-in- the-middle proxy attack, coupled with a dns attack.
the real reason this isn't a huge issue is that anons should be operating on a lack-of-trust basis already.
but truly, to any hostile parties i say this: grab my ip. subpoena my isp. come at me.
I'm not the one who should be worried.
kek.
cert expires, browser throws error, click through.
behavior becomes learned and accepted
dns attack repoints to passthrough proxy or server hosting self-signed cert.
browser throws new error.
some/any oblivious anons click through bc normal to see error.
data compd.
it can happen. not saying it's likely or easy, but it's plausible.
heck, it's possible that we're passing through a proxy now. certs are kinda a joke, like storm door locks. they work but they aren't foolproof.