This is overblown. Connections to these sites are still encrypted. This constitutes a vulnerability, not a breach. If you visit the site your browser can no longer validate the cert, meaning if someone intercepted the communication, they could launch a man-in-the-middle attack. Modern browsers are smart enough to recognize an expired cert and introduce controls to prevent you from going to the site, so if you are worried about it, don't bypass the controls.