I'm not sure it's fair to fault the UniFi software for using a self-signed SSL certificate. I think the only theoretical security risk here would be that Ubiquiti could decrypt the traffic between you and your UniFi controller, if they could somehow obtain it. (Someone please correct me if I'm wrong.)
Ultimately, if you don't trust the certificate it comes with, it's not too difficult to replace it with one of your own (in fact, the page you linked explains how).
I haven't had the password manager issue you describe. KeePassXC in Chrome and Firefox both fill out my credentials successfully on the login page. I totally agree about the UX of the web application though. It feels like over time, options have become more and more hidden and the icons more cryptic.
- Without a valid SSL certificate, there's no way to tell whether you're actually visiting your UniFi controller or a honeypot. Ubiquiti isn't the risk here.
- UniFi features that depend on WebSocket and WebRTC are unavailable when using self-signed certificates. This includes live stats updating, device terminal, airView, etc. (Those features can be used in the cloud UI... if your Internet connection happens to be working fine.)
- Valid SSL certificates would be easy to auto-provision these days with Let's Encrypt. There are some minor challenges around port forwarding / relay, but that isn't rocket science. If Plex can figure it out, Ubiquiti can figure it out :)
Enabling a non-self-signed TLS certificate on IoT devices looks like an easy task, but it is actually difficult. A router is especially hard because it bootstraps the WAN connection.