It's fine, I understood the point xD

It's a valid problem, there's definitely a level of security that all developers should understand. The article's main aim is to try and warn developers from going too far down that road and thinking they're security specialists when they're not.

I'd certainly agree that the main understanding required for non-security devs is a conceptual one; how we handle data input and output, how we secure data and endpoints from unauthorized use, and so forth.

Were it up to me, things like certificates on servers would really be left to people who know about those things - most devs, as you say, don't really understand it that well, but I suppose it's a reality that they still often have to deal with it anyway.