Does it help with buffer overflows?
No? Then not interested.
What's the point of checking if the code is signed if the code is still coming from Adobe?
We need to "trust" all CAs in operation in TLS and we know this is bad, so now we're going to trust all big software makers. How exactly does that make the situation better?