Access to signing keys is very relevant, and I think there is a very real chance (p>0.2) that the huge oversight MS did with the terminal server keys happened because they were ordered to do it.
That's an awfully baroque government backdoor --- a misconfigured X.509 attribute on a certificate that turns out to be signed with a hash for which controlled collisions turn out to be feasible.