Running Win7 home premium x64- no issues with the security certs........

Running Win7 Professional x64. No issues.

Did you disable the root certificate authority service (probably not the exact name, I don't have any XP machines handy to double check)?

i could be wrong but the fact that a non-https site is generating this warning seems important.

The closest thing I can find is Cryptographic Services which "Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start."

I didn't disable it although I have set it to manual and apparently nothing else required it because it's not started.

However this is true of both machines (i.e. that one that doesn't display this issue as well as the one that does). Also I've used that setting forever which doesn't explain why the sudden change.

But as I tried to imply in my OP I don't really consider this much of an issue and since it does appear to be only just me seeing this then I really wouldn't worry about it. All it costs me is an extra click and I'll trade that for running one less service anyday of the week.

I see this quite often when the System Clock is off.  Check the date and time on the lower right of the computer screen in the System Tray.  Make sure that the date and time are correct.  If not, change them to the current date and time.

You said this is an older XP machine.  The CMOS battery controls the system date and time.  If the date and time are off, you will get Certificate errors because the certificates are looking for the proper date and time to sync with.

The whole thing with browser-packaged trusted certificates is fundamentally wrong anyway. 

YOU should be the person who decides who to trust, not some people who prepare the installation of your browser. Did you know that among trusted certificates are subjects like Sudan Telecom? Should you trust Sudan Telecom? Moreover, I have read a discussion among Firefox developers where a user asked about a specific certificate, and some dev replied: "Oh, it's one of AT&T's certificates", and someone from AT&T stepped in and said "No, this one has been revoked years ago". and then a lively discussion broke out about how the hell it got into their installation.

The point is - you SHOULD not trust this blindly, it's not something set in stone. For example, one of the servers I run generates similar message, because I did not want to pay someone I don't know just for a signature. Does it generate the error? Of course. Do I trust it? Hell yes, I set it up myself!  So what do I do? I add it among the trusted ones, problem solved. 

On the other hand, do I trust Sudan Telecom? No way!

You should THINK about which certificate you take as trusted and why.

Absolutely correct, although browsing might slow to negative numbers.