
RapidSSL's total lack of acknowledgement or response to this problem on their front page is not a huge confidence builder for me.



RapidSSL is owned by GeoTrust, which is owned by Verisign.

You can read all about GeoTrust's certificate practices here: http://www.geotrust.com/resources/cps/pdfs/GeoTrustCPS-Versi...

The results of their KPMG audit here: https://cert.webtrust.org/SealFile?seal=650&file=pdf

And their entry into Mozilla here: https://bugzilla.mozilla.org/show_bug.cgi?id=409236


Of course, all the KPMG audit really says is "GeoTrust has a policy about checking the documentation of people who request certificates", and there's part of the problem: there's no way for a CA to make an attestation that they've implemented the technology competently, because no third party will certify that attestation.


If you just read:

"RapidSSL's total lack of acknowledgement or response to this problem on their front page"

See:

http://news.ycombinator.com/item?id=414836


I wonder what their $10,000 warranty applies to; I can't find any details on the site.


The person who manages to get their "Live Chat" people to respond to questions about this (perhaps by asking as a "prospective customer concerned about stories in the news") is going to win a Hacker News karma bonanza.



