Question: Is there any security threat in using a wildcard certificate?

Hello,

I want to know if there are any security issues with using a wildcard certificate, and what is the difference between Thawte and VeriSign?

thanks in advance.

Answer: Is there any security threat in using a wildcard certificate?

Thawte and VeriSign are the same company - VeriSign bought out Thawte a few years back. They are both among the most widely included root certificates out there, not to mention some of the more expensive ones compared to Comodo and GoDaddy.

The main "threats" of using a wildcard are in case of attack and compromise. A cert for a specific site only makes that site vulnerable if the private key is compromised. A wildcard can be used for any site under your domain, so if an attacker gained access they could attack all of your sites instead of just one. It would also allow them to decrypt the relevant information for all sites using that wildcard. Note that after the session is initiated, if they did not observe the session handshake, which is the part that uses the cert, then the session would still be safe in a synchronous encrypted session. The cert is just used in SSL to perform that handshake to start the actual SSL session.

For this reason, you should not store the password on an accessible server, nor the private key (.pfx, .key, etc.), to reduce threat exposure. When imported, it should be marked as non-exportable, which isn't a guarantee but does help reduce the ease of export and raises the level of knowledge the attacker would have to have to compromise the key. For best protection, the private key should be stored on an HSM; however, these are expensive, so they are not always an option for most folks.

Key compromise is pretty rare, but it can and does happen.
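The "blast radius" point above can be made concrete by listing which of your hosts a certificate's names actually cover, since that is exactly what a stolen private key lets someone impersonate. The script below is an added example, not code from the thread; it implements the standard wildcard matching rule (a `*` label matches exactly one DNS label, leftmost only, never the bare domain), and the certificate names and host inventory are constructed samples.

```python
"""Blast-radius check for a wildcard certificate (added example, not from the thread).

Applies the hostname matching rules of RFC 6125 section 6.4.3: a "*" label
matches exactly one DNS label, may only appear as the whole leftmost label,
and never covers the bare domain. All names below are constructed samples.
"""


def hostname_matches(cert_name: str, hostname: str) -> bool:
    """Return True if a certificate name (possibly '*.example.com') covers hostname."""
    cert_name = cert_name.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in cert_name:
        return cert_name == hostname
    c_labels = cert_name.split(".")
    h_labels = hostname.split(".")
    # Wildcard must be the entire leftmost label, nowhere else, and not
    # directly under a public suffix such as '*.com'.
    if c_labels[0] != "*" or any("*" in lbl for lbl in c_labels[1:]) or len(c_labels) < 3:
        return False
    # '*' stands for exactly one label, so 'dev.api.example.com' is NOT covered
    if len(c_labels) != len(h_labels):
        return False
    return c_labels[1:] == h_labels[1:]


def impersonable_hosts(cert_names, inventory):
    """Hosts from inventory that cert_names cover: what a leaked key would expose."""
    return sorted(h for h in inventory if any(hostname_matches(n, h) for n in cert_names))


# Constructed sample data: one single-host cert, one wildcard cert, one host inventory
SINGLE_HOST_CERT = ["shop.example.com"]
WILDCARD_CERT = ["*.example.com"]
INVENTORY = [
    "example.com", "www.example.com", "shop.example.com", "mail.example.com",
    "vpn.example.com", "dev.api.example.com", "example.org",
]

if __name__ == "__main__":
    for label, names in (("single-host", SINGLE_HOST_CERT), ("wildcard", WILDCARD_CERT)):
        exposed = impersonable_hosts(names, INVENTORY)
        print(f"{label} cert {names}: key compromise exposes {len(exposed)} host(s): {exposed}")
```

Running it shows the single-host cert exposes one host while the wildcard exposes every direct subdomain in the inventory, which is the trade-off the answer describes.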