Well, they can generate new certificates for as long as they have access to your machine. Take that access away, and they can't generate certificates anymore.
All in, the Lets Encrypt way brings you more security. Since the certificate validity is shorter, even generating an extra certificate will give the attacker a smaller average time with a valid cert than stealing your StartSSL cert.
All in, the Lets Encrypt way brings you more security. Since the certificate validity is shorter, even generating an extra certificate will give the attacker a smaller average time with a valid cert than stealing your StartSSL cert.