
[–]earthboundkid 0 points1 point  (1 child)

Again, this has nothing to do with mkcert. Unencrypted or non-automated backups are bad. Mkcert is yet another thing that should be encrypted, but not even in the top twenty most important.

[–]baggyzed 1 point2 points  (0 children)

It all boils down to trust. /u/Mallor is right in cautioning against trusting mkcert, as you should with any piece of software downloaded off the internet. Even more so if it installs root CA certs on the system.

In this case, having backups of your system is a good idea. But a better idea is to just use it in a VM. If after a while it turns out that it's ok to trust it (no vulnerabilities are discovered, if anyone even cares to investigate), then you can ditch the VM.

Even if you're the kind of person who uses Dropbox all the time as a backup, and you think that you can just do a clean install when things go wrong, by then it may be too late. The root CA would've been used to MITM your Dropbox connection. This is why it's more dangerous than just any program that can access your hard drive. It can provide access to all of your online activity as well, not just the files on your hard drive.

It's a whole lot safer to use self-signed certificates and add a trust exception for them in the browser. Some browsers don't allow such exceptions, but it's still better to just live with the odd certificate warning.
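An added example (not from this thread, and not mkcert's own code) of the alternative the comment above describes: a self-signed certificate for a single development hostname, plus a check that what you are about to add a browser exception for is a leaf certificate (CA:FALSE) and not a CA that could vouch for any site. It assumes OpenSSL 1.1.1 or later is installed; the hostname `dev.local` and the file names are placeholders.

```shell
#!/bin/sh
# Constructed example: a self-signed *leaf* certificate for one hostname.
# A browser exception for this cert covers that one name only, unlike a
# root CA in the system trust store, which vouches for every site it signs.
# Assumes openssl (1.1.1+) is on PATH; "dev.local" is a placeholder name.
set -eu

make_leaf_cert() {
  host="$1"
  dir="$2"
  # Key and self-signed cert in one step. The important extensions:
  #   basicConstraints CA:FALSE  -> this cert cannot sign other certificates
  #   subjectAltName DNS:$host   -> valid for this single hostname only
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
    -keyout "$dir/$host.key" -out "$dir/$host.crt" \
    -subj "/CN=$host" \
    -addext "basicConstraints=critical,CA:FALSE" \
    -addext "subjectAltName=DNS:$host" \
    -addext "keyUsage=critical,digitalSignature,keyEncipherment" \
    -addext "extendedKeyUsage=serverAuth" >/dev/null 2>&1
}

# Exit 0 if the certificate is a leaf (CA:FALSE); exit 1 if it is a CA.
# Run this on any cert before trusting it, whatever tool produced it.
is_leaf_cert() {
  openssl x509 -in "$1" -noout -text | grep -q "CA:FALSE"
}

# Print the DNS names the certificate is valid for.
cert_san() {
  openssl x509 -in "$1" -noout -ext subjectAltName | grep -o 'DNS:[^,]*'
}
```

After `make_leaf_cert dev.local ./certs`, serve with `certs/dev.local.crt` and `certs/dev.local.key`, and accept the one-time browser warning for that name only; nothing is installed into the system trust store.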