If the CA checks the secret part and it is consistent, it will give you the "OK" to use the public key; if not, you should be suspicious about using it.

The complete, standard certificate validation algorithm is laid out in (pain)full detail in section 6.

This site's certificate is not signed by any root certificates from "cacerts.txt", so you will get an error.

You will need the latest version of certificate data from convert it to PEM format by any of available tools.

Secure means that the connection is encrypted and therefore protected from eavesdropping. There is a serious security issue with the ssl and pyOpenSSL libraries that provide SSL support.

They may require a valid certificate from the server, but do not check that it actually belongs to this server.

If the user wants to store his private key elsewhere that's his business; in the same way that it does not matter if you put your door key in your trouser pocket.

