Digital Certificates should only be loaded from trusted sources as they are sometimes used in advanced malware attacks

Malware Digitally Signed With Fake Certificate
http://blogs.pcmag.com/securitywatch/2011/02/malware_digitally_signed_with.php
http://techblog.avira.com/2011/02/21/malware-signed-with-fake-avira-certificate/en/

QUOTE: German security software company Avira has uncovered a malware sample digitally signed with a fake certificate listing them as the signer. The certificate is issued to Avira GmbH and is valid from 2011-02-10 until 2039-31-12.  The malware itself is a member of the well-known Zbot/ZeuS malware family, and is spread via spammed e-mail. Its behavior is not new in any way. After running it deletes the original executable, sets itself to run when Windows starts, and contacts a command server for further instructions.