You can disable querying OCSP servers by setting the "security.OCSP.enabled" to false. This adds some privacy (otherwise OCSP servers can know and collect what SSL enabled sites you visit). Combined with the Certificate Patrol add-on [0] (to track certificate changes) this must be pretty secure, except when a certificate is being revoked you will not know about it automatically.
[0] - http://patrol.psyced.org