The CA's root certificate needs to be included in the browser to make the warning go away. CACert isn't included in any popular browser, and Startcom was only recently added to Windows. With Startcom, anyone who doesn't install the optional root certificates update in Windows update will still get an error in Chrome, Safari, and Internet Explorer. Firefox has had it built-in for a while.
HTTPS isn't the default (or really necessary) for bitcoin.org, so it doesn't much matter. If you want to manually switch to HTTPS, then you can deal with the self-signed certificate.
I see now why now why bitcoin doesn't need a CA, most people will not access it with the https protocol and therefore won't be spooked off by scary warning labels like the ones I got. Good to know.