No matter what you do, there are always social rejects (and this is saying it nice) trying to sabotage you. I've been getting various virus alerts on my CA import tool for mobile phones. Every on of them seems to be an attempt to upload a trojan. Thankfully, the AV software intercepts them.
Just to reassure you all; each upload is given a unique name (8 characters). If such a filename already exists, it will be overwritten. So the chance of you getting someone else's file is (almost) zero. Just make sure that you use the correct name / URL when you're trying to download the certificate on your phone.