e-Guven was never compromised, it just still uses outdated practices like issuing directly from the root and expires in 2017 anyway. I once even caught an 1024-bit DSA cert being issued from this root by mistake.