Wasn't their SSL tracker down for more than a year while they were on vacation last time? Shouldn't someone else have the keys at this point? I feel like PTP has said "we have measures in place to make sure this doesn't happen again" at least 3 times now.
I think it's quite hard to find people maintaining sites like this nowadays. There's always some risks, the tech stack might not be the greatest, the servers might have hacks here and there. It's a bit of a problem with other sites too, RED was having some trouble last Christmas for example...