Comodo SSL fail
We [should] all know that trusting third party SSL roots is bad, but if you are still not convinced then read how Comodo's SSL service was compromised. In short a reseller account was broken into and from there the attacker requested certificates for 7 domain names.
What this means is that certificates are issued without being verified. Whether it is the reseller or an attacker that is trying to generate certificates, they are not really verified, they are simply issued. Again, why do people trust ANY of these Certificate Authorities ?
Maybe time to think more about Monkeysphere and/or an SSL verified over DNS system.