It's kind of a broken system. Moxie has great talks on this. If you allow just about anyone to be a CA, or if you're a CA and have shitty security practices, then it ruins the integrity of the entire system. If we can't count on CAs to provide valid certs to legit companies, then what good is it? At least the communication channel is encrypted.
I remember that, especially when he released sslstrip. I just knew it was only a matter of time after that. I guess it's a broken system on its way to being crushed. But it will be interesting to see alternatives implemented. I remember being at a talk by Marcus Ranum, and he wanted to change AV, since that has been defeated, crushed, and left for dead. He had some good, interesting ideas for changing the "already too late" paradigm. But we will see. I know we need to have something, or there are more dark days ahead.
I am checking that out now. Thanks for the links!