Gratipay: Hijacking user session by forcing the use of invalid HTTPs Certificate on images.gratipay.com

I found that the domain images.gratipay.com is just a reverse proxy for gratipay.com and HTTPS works throughtout the site flawlessly except in one case, that it when we try to open user's profile: POC: https://images.gratipay.com/asdlfz/ Https Warning Page: http://i.imgur.com/XHsXJEvr.png?1 Risks...