I wish they would address the topic, though. I interpret this article as if they mean that HTTPS solves all censoring and content sensing issues, regardless.
One would still be vulnerable of a corrupt CA. The only solution to this would be to issue all certificates from an internal CA and verify this in your application.
I'm not sure if this would break when you needed to renew the certificate, but I guess you only update the signature, not the actual public key.