Whoever puts a root certificate on your computer can generate a certificate for any website, even fake ones.
Well strangely enough Microsoft Root Certificates, which Microsoft calls a "Private Certificate Authority" is on Microsoft Windows, AND on Linux.
What's up with this?