The implications of this are huge. Any network traffic, including iMessage, Mail and more gets proxied through this service. Users don't know how much they're opening up to a company that they really have no reason to trust.

It proxies all traffic! Not Cool!!!

Risky hack with too much potential for abuse.

Can Apple do anything about this?

I think they can revoke a certificate, but I don't think these certs need to be signed by Apple to be effective. If they aren't, they probably just show a warning.