Assuming they're performing proper CA verification it lowers the trust level from your entire connection to just the CAs and netboot.xyz administrators - preventing MITM attacks in the local network where they're most often performed. Perhaps it's not perfect but it seems like a pretty major improvement.