According to upstream bug report and Debian bug report:
http://developer.pidgin.im/ticket/6500http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=492434
Pidgin builds using NSS library to provide cryptography do not properly verify SSL certificates provided by SSL-secured remote server (such as Jabber server). Pidgin accept invalid or self-signed certificates, regardless of the list of configured trusted SSL CA certificates.