Well, it provides for the possibility of a somewhat better PKI than the broken one we use for HTTPS, where any of over 500 CAs can forge a certificate for any domain on the net. DNSSEC would not be a perfect PKI by any means, and there's no particular reason to trust ICANN as the holder of the keys to this kingdom either. But signatories of bogus NS records pointed to at managed zones can at least be held accountable. Such a bogus signed NS record for any next level down is observable and recordable, and once recorded and publicised, such would provide signed proof of bad intentions and actions wherever in the DNSSEC hierarchy registrar reputation needs to be protected.
DNSSEC also provides a fairly obvious place for certificated public key storage. For example, if you want to develop a networked application called foo, storing the public key for example.com at _foo.example.com seems fairly obvious. And given domain registrants already got the hassle of having to renew domains every year or 2, now's good time to move our business to DNSSEC domain friendly registrars in preference to those which are not. This could also save the cost of those stupid, expensive and near useless CA HTTPS certificates.