I would say they are compromised just by watching Moxie Marlinspike's presentation about the shitty state of CAs and how he was able to find signing certs just laying around in unprotected directories https://www.youtube.com/watch?v=Z7Wl2FW2TcA