They unfortunately did not have to tear the device apart and extract the cert, they state that each device uses the same one, valid until 2038, which was exposed in a previous exploit (and was likely previously available online as a result).
Though it was definitely a bad idea to post it again on their site.