I don't think it really matters, as long as it's only a certificate for localhost rather than a root CA as in the Lenovo case. I can't think of an attack scenario where an attacker already able to run an HTTP server on localhost would be aided by being able to use HTTPS on that server. Of course, I could be missing something.
Anyone know if this uses a non-unique key pair like the Lenovo one did?