The SSL cert from a trusted authority just ensures that the data you are sending (encrypted) is going to the actual domain/machine that you think you are sending to, backed up by the say-so of that authority that your server REALLY is the machine it's claiming to be.
Once the data gets to the destination server, it's up to them to keep it safe. The secure transactions to Monster's server were secure, but once there the data served another purpose.
What you see when a site uses its own certificate authority is that your browser will pop up a box saying that the certificate authority is unknown (like when pix01 was using a certificate issued by JRiver). It's up to you then to check what you see in the popup box and decide whether or not you believe it.
Odd as it may seem, I've run into commerce sites using self-generated certificates, which makes me a little nervous about their priorities as a commerce site if they didn't want to spend a few bucks on a real cert.
Also, I've run into many misconfigured secure sites in which the server's name in the cert doesn't exactly match the server's real DNS name, and that will generate a popup box too, sigh...
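
The name-mismatch case described above, as an added example that is not part of the original post: a simplified version of the hostname comparison a TLS client makes between the name it asked for and the names in the certificate. The certificate dicts are constructed samples in the shape returned by Python's `ssl.SSLSocket.getpeercert()`, and every host name and helper function here is hypothetical.

```python
# Added example: simplified hostname check of the kind a TLS client performs.
# Sample certificates are constructed; all host names are hypothetical.

def dns_names(cert):
    """DNS names the certificate covers: subjectAltName first, then commonName."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    # Legacy fallback: commonName is consulted only when no DNS SAN exists.
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]

def label_match(pattern, hostname):
    """Compare one certificate name against the requested host, label by label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard never spans more than one label
    if p[0] == "*":
        # Simplified rule: wildcard must be the whole left-most label and be
        # followed by at least two more labels, so "*.example" is refused.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def name_matches(cert, hostname):
    return any(label_match(n, hostname) for n in dns_names(cert))

def explain(cert, hostname):
    """Return 'ok' or the reason a client would warn about the name."""
    if name_matches(cert, hostname):
        return "ok"
    covered = ", ".join(dns_names(cert)) or "(no names)"
    return "name mismatch: asked for %s, certificate covers %s" % (hostname, covered)

# Constructed sample certificates.
CERT_EXACT = {"subject": ((("commonName", "www.shop.example"),),),
              "subjectAltName": (("DNS", "www.shop.example"),)}
CERT_WILD = {"subjectAltName": (("DNS", "*.shop.example"),)}
CERT_CN_ONLY = {"subject": ((("commonName", "legacy.shop.example"),),)}

if __name__ == "__main__":
    for cert, host in [(CERT_EXACT, "www.shop.example"),
                       (CERT_EXACT, "shop.example"),
                       (CERT_WILD, "secure.shop.example"),
                       (CERT_WILD, "a.b.shop.example")]:
        print(host, "->", explain(cert, host))
```

A certificate issued for `www.shop.example` fails this check when the site is reached as `shop.example`, which is the "doesn't exactly match" misconfiguration that triggers the warning.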