The risk is that eventually you sign someone's malware and all of your customers have the certs that signed their apps revoked.