An absurd number of CMS plugins and PHP libraries are disabling SSL/TLS certificate validation on purpose, and by doing so, they're putting millions of internet users at great risk.