GOG is nice and all, but it’s a for profit corporation at the end of the day, and I don’t trust corporations not to sell their values down the river when it becomes lucrative for them to do so.

I would far rather support the Internet Archive or something similar.

Allowing a certificate without proper validation for local only networks is a terrible, terrible idea. I could super easily use this as a loophole to set up a honeypot public free wi-fi, redirect all traffic through a reverse proxy and man-in-the-middle every single HTTPS connection, effectively allowing me to harvest everyone’s passwords in a really quick and easy way.

Just use DNS verification. It’s not that hard.