Re: CA list
> I would love to be able to modify the browsers root CA list handling so that I could flag the majority of CAs as untrusted
At least in Mozilla-based browsers and Android you can do this no problems.
> There isn't even an easy (point'n'drool) way to edit current CA lists.
Yes there is. Admittedly, on Firefox it takes a few more clicks than I would like to, but you only have to do this once (careful about upgrades though!)
> Even having the browser optionally show, for each web-page, which CA is being used would help, instead of having to hunt through the 'View certificate' process.
That won't help in most cases. Certificate pinning is a better option.