Man-in-the-middle biz Blue Coat bought by Symantec: Infosec bods are worried

Aodhhan

Yeah, this is crazy but....

During penetration testing, I can conduct a MiTM attack on users quite easily because more than 80% of normal users and 25% of privileged users will click through a warning window. I get everyone's skepticism and love to push out anger like a bunch of grounded teenagers, but considering the seeming love-fest with clicking through warnings, what Bluecoat -- Symantec did with certificates is pretty much nothing in comparison to the real problem.


You'd be shocked by the number of businesses that don't implement proper PKI within their own environments, which only makes the problem worse. This trains people to click through warnings!

Remember, you can untrust a certificate and a CA; it's a lot harder to get people to not click warning messages.
