Extended validation certificates include information about the legal entity behind the certificate, but not much else. What a legal entity can be turns out to be quite flexible
...
Unfortunately, users are simply not equipped to deal with the nuances of these entities, and this creates a significant vector for phishing.
...
Today, I will demonstrate another issue with EV certificates: colliding entity names. Specifically, this site uses an EV certificate for "Stripe, Inc" that was legitimately issued by Comodo. However, when you hear "Stripe, Inc", you are probably thinking of the payment processor incorporated in Delaware. Here, though, you are talking to the "Stripe, Inc" incorporated in Kentucky. This problem can also appear when dealing with different countries.
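
An EV subject carries the jurisdiction of incorporation and a registration number alongside the organization name, so the collision described above can be detected by comparing all of those fields instead of the name alone. The following is an added example, not part of the original post or the quoted article; it assumes each subject has already been decoded into (OID, value) pairs, and the sample subjects and their registration numbers are constructed placeholders.

```python
from collections import defaultdict

# Subject attribute OIDs found in EV certificates.
OID_ORG = "2.5.4.10"  # organizationName
OID_SERIAL = "2.5.4.5"  # serialNumber (company registration number)
OID_JURIS_STATE = "1.3.6.1.4.1.311.60.2.1.2"  # jurisdictionStateOrProvinceName
OID_JURIS_COUNTRY = "1.3.6.1.4.1.311.60.2.1.3"  # jurisdictionCountryName

# Constructed sample subjects; the registration numbers are placeholders.
DELAWARE = [(OID_ORG, "Stripe, Inc"), (OID_JURIS_COUNTRY, "US"),
            (OID_JURIS_STATE, "Delaware"), (OID_SERIAL, "PLACEHOLDER-0001")]
KENTUCKY = [(OID_ORG, "Stripe, Inc"), (OID_JURIS_COUNTRY, "US"),
            (OID_JURIS_STATE, "Kentucky"), (OID_SERIAL, "PLACEHOLDER-0002")]


def _norm(value):
    """Case-fold, collapse whitespace, drop a trailing dot ('Inc.' == 'inc')."""
    return " ".join(value.casefold().split()).rstrip(".")


def ev_identity(subject):
    """Reduce a subject to (name, country, state, registration number)."""
    attrs = {}
    for oid, value in subject:
        attrs.setdefault(oid, _norm(value))  # keep first value of each attribute
    return (attrs.get(OID_ORG), attrs.get(OID_JURIS_COUNTRY),
            attrs.get(OID_JURIS_STATE), attrs.get(OID_SERIAL))


def colliding_names(subjects):
    """Map each organization name used by more than one distinct legal
    entity to the (country, state, registration) tuples that claim it."""
    by_name = defaultdict(set)
    for subject in subjects:
        org, *entity = ev_identity(subject)
        if org is not None:
            by_name[org].add(tuple(entity))
    return {org: sorted(ids, key=str) for org, ids in by_name.items() if len(ids) > 1}


def matches_pin(subject, pinned):
    """True only if every identity field is present and equals the pinned one."""
    identity = ev_identity(subject)
    return None not in identity and identity == ev_identity(pinned)


if __name__ == "__main__":
    print(colliding_names([DELAWARE, KENTUCKY]))
    print("Kentucky cert accepted for Delaware pin:", matches_pin(KENTUCKY, DELAWARE))
```
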