I think CIS should automatically clean up the Trusted file database when the relevant programs / files are no longer on the computer. Or at least there should be a function where you can manually start a system scan to remove all entries that are no longer valid.
For eg, I have tried to make a bootable USB out of Win 8 dev preview. After this, there were at least 1000 entries in my CIS Trusted file list that are related to the system files of Win 8. I tried to manually select them and remove them, but that takes forever as you cant just select the first one and click on the last one while pressing Shift to select a range of files.
Without this feature, the trusted.db could get bloated over time.