Is there anything inherently insecure about an expired cert other than your browser just complaining about it?

No, but it reflects poorly on the maintainer. Plus, any browser complaint contributes to error fatigue. Users shouldn't just ignore these, and we shouldn't encourage them to ignore them just because we fail at securing our websites.

“No, but it reflects badly because it’s an error, and because it’s an error it contributes to error fatigue, which is bad” is a very verbose way to say that you don’t have an answer.