Using a web-based Let's Encrypt client - who owns the account key?

Risks of using a web-browser-based client:

You need to trust them because:
  1. They can generate a certificate for your website up to 30 days after you used their tools
  2. They can revoke the certificate because they control the ACME account used to generate it
  3. They can decrypt your traffic by keeping the private key they have generated for you, if they are able to intercept the encrypted traffic (avoidable by generating a CSR offline)
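The offline CSR mentioned in point 3, as an added example that is not part of the original post: the key pair is created locally with OpenSSL, only `request.csr` is given to the web client, and the returned certificate is checked against the local key. The function names, file names and `example.com` are assumptions made for illustration.

```shell
# Added example (not from the original post). Names and domains are placeholders.

# make_csr DIR DOMAIN [ALT...]: create DIR/privkey.pem and DIR/request.csr locally.
# Runs in a subshell so the restrictive umask does not leak into the caller.
make_csr() (
    dir=$1; cn=$2; shift
    sans=""
    for d in "$@"; do sans="${sans:+$sans,}DNS:$d"; done
    umask 077                       # private key is readable by the owner only
    mkdir -p "$dir" && cd "$dir" || exit 1
    printf '%s\n' '[req]' 'prompt = no' 'distinguished_name = dn' \
        'req_extensions = ext' '[dn]' "CN = $cn" '[ext]' \
        "subjectAltName = $sans" > csr.cnf
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 \
        -out privkey.pem 2>/dev/null &&
    openssl req -new -key privkey.pem -config csr.cnf -out request.csr
)

# spki_hash KIND FILE: SHA-256 of the DER public key held in a key, CSR or cert.
spki_hash() {
    case $1 in
        key)  openssl pkey -in "$2" -pubout -outform DER ;;
        csr)  openssl req  -in "$2" -noout -pubkey | openssl pkey -pubin -outform DER ;;
        cert) openssl x509 -in "$2" -noout -pubkey | openssl pkey -pubin -outform DER ;;
        *)    return 2 ;;
    esac 2>/dev/null | openssl dgst -sha256 | awk '{print $NF}'
}

# same_key KIND FILE KEYFILE: succeed only if FILE carries KEYFILE's public key.
# Run it on the CSR before submitting it and on the certificate you get back;
# a mismatch on the certificate means it was issued for a key you do not hold.
same_key() {
    a=$(spki_hash "$1" "$2")
    b=$(spki_hash key "$3")
    [ -n "$a" ] && [ "$a" = "$b" ]
}
```

This addresses point 3 only: the service still holds the ACME account key, so points 1 and 2 are unchanged.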