1) It's worth noting that Matthew's plan is still simply a proposal at this stage. It's not yet been voted on by FESCo or the like. Perhaps something will change before that happens (although I doubt it), or FESCo could decide to reject the idea.
2) Additionally the article didn't touch on it, but hopefully there will be documentation and tools to allow any Fedora user to sign their own stuff. This way you could enable Secure Boot, but not use only your own keys signing your own bootloader shim/grub2/kernel. These tools and docs will of course be free and open.
An evolving resource with information on this for Fedora users: