Treffend zum Thema Sicherheit auf der Basis von kommerziellen CAs:
A decade ago, I observed that commercial certificate authorities protect you from anyone from whom they are unwilling to take money. That turns out to be wrong; they don’t even do that much
via The DigiNotar Debacle, and what you should do about it | The Tor Blog.