A hundred times this. I am losing trust in Google because of this. It makes me wonder, who decides that a CA is trust worthy in the first place? Millions of people implicitly trust companies like Google and Mozilla to be the gatekeepers of SSL trust. I wonder what guarantees they offer if someone is defrauded as the result a bad CA? Whilst the CA's sometimes offer protection, I believe the companies that curate the trust list should also shoulder some financial responsibility.