alt Hacker NewsBecause the most dangerous secret is one that has been compromised and you don’t know it. This sets a time limit for their usefulness. Sometimes the stories about terrible default choices that are insecure sink in and architects choose a better path.
Also, details about the certs and the standards for them change over time. This makes it easier for the browser venders (via the CA forum) to force cert providers to update over time.