I imagine that this will deter people from quickly starting up a packet sniffer when they share links to your site. However, how are you able to use webfaction's cert? Do they just give you their private key? Or is it just a cert that is not really signed by anyone and the common name is set to *.webfaction.com? In other words, this does not mean that you can spoof www.webfaction.com's signature, corret?

I think it's shared hosting.

Firefox throws an untrusted connection warning that this certificate belongs to another website.

It's a stopgap measure (because you have to click through the cert exception, because the domain name on the cert doesn't match the URL), but it will still encrypt the data just fine.

The warning will confuse some people (such as yourself); that's why the dev asked if it was okay.