Came here to say something like this. While the site is a bit of a pain, and the certs are free, make damn sure you have your site configured the way you want it before you generate the certificate.
It's $25 to revoke a cert, i.e. free up the name so you can use it again elsewhere. I used part of my domain name for an XMPP cert that I later wanted to use for a web subdomain with the same name.. nope. Stupid.
Given the way Startcom operates, that could become expensive quickly. Since your private key is your gateway into your account (Why they went with this method instead of requiring a sensible password is beyond me, it's one of the reasons their site is a huge pain...), theoretically every certificate you own is compromised, and therefore you'd be out $25 for each one.
It's $25 to revoke a cert, i.e. free up the name so you can use it again elsewhere. I used part of my domain name for an XMPP cert that I later wanted to use for a web subdomain with the same name.. nope. Stupid.