Well, "impersonating" will be quite difficult unless @gerrydimova's former business partner is some kind of 31337 hacker.. But the fact remains: someone who isn't @gerrydimova has access to the private key and corresponding certificate belonging to a domain of whom @gerrydimova is the "owner".