Fetchmail, msmtp, etc can all connect to a host, take that cert fingerprint, compare it to the one you've configured, and drop the connection if they differ. Doesn't FF support this kind of fingerprint scheme? Or even simply storing the site's cert for comparing.