Internal default TLS Store

I've been experimenting a bit with TLSStore today and now I'd like to ask - do I understand correctly that Traefik keeps its own "internal" default TLSStore by itself, even if I don't explicitly define it?

I have my own local CA and a wildcard cert signed by it and was very confused today when I created a new IngressRoute with this definition:

kind: IngressRoute
  name: restapi-ingress-test
  namespace: jed-test
  annotations: traefik
    - websecure
  - kind: Rule
    match: Host(`rest.jed.local`) && (Path(`/ping`) || PathPrefix(`/pong`))
    - name: restapi
      serversTransport: restapi-tls-test
      port: 8443
      scheme: https
          name: sticky-test
          secure: true
  tls: {}

As you can see here, I have not referenced any secret for TLS and yet Traefik uses a wildcard certificate that I have defined in another namespace for use in another IngressRoute:

curl https://rest.jed.local/ping -v
* Connected to rest.jed.local ( port 443 (#0)
* ALPN: server accepted h2
* Server certificate:
*  subject: C=PL; ST=Lodz; L=Lodz; O=Jed; OU=Jed; CN=jed.local
*  start date: Dec  4 18:10:17 2022 GMT
*  expire date: Mar  8 18:10:17 2025 GMT
*  subjectAltName: host "rest.jed.local" matched cert's "*.jed.local"
*  issuer: C=PL; ST=Lodz; L=Lodz; O=Jed; CN=Jed
*  SSL certificate verify ok.

I can also see in the logs that it does add it to a TLSStore, even though I have not defined it myself:
{"level":"debug","msg":"No store is defined to add the certificate MIIDgzCCAmugAwIBAgIUHGpdE9SJH/MSJBJPSJcakzAlKeAwDQ, it will be added to the default store.","time":"2023-02-14T19:11:08Z"}
{"level":"debug","msg":"Adding certificate for domain(s) *.jed.local,jed.local","time":"2023-02-14T19:11:08Z"}

I have not looked at the source code but am I correct in thinking that Traefik does keep a default TLSStore "internally"?
If so, what is the purpose of actually defining it (other than specifying a default certificate) if it collects the secrets by itself?