You can load your own root CA on iOS devices (i did it to enable certificates issued by my own private CA). That bypasses a LOT of security issues, and yet it’s still feasible.