The reason that it is not properly signed is purposeful. LL has no interest (rightfully so) in being an authoritative "secure" source on whatever insanity a user might put into a script as that would actually enable MiM (and other) attacks with LL's name writ large on them, on the larger internet. the only reason they exist as all is for secure transport within LL's system. Using it outside of that is not intended or supported, even if it is possible. the behavior of browsers marking it as untrusted is not only intended, it's desirable.