The current SSL security model assumes that certification authorities are thorough with the checks they perform on people applying for certificates, so that I -as an example- cannot pose as your bank and obtain your credentials by fraud.
Furthermore browsers ought to be meticulous about which certification authorities they trust and include in their liste of trusted root-CAs. If you'd trust anyone certifying someone else's identity, what would be the point in the first place?
Now if someone managed to sneak in a rogue CAs public key into a major webbrowser (and it currently doesn't look like it's the case here) it would undermine the whole SSL security model because the entity controlling the CAs private key would be able to generate arbitrary certificates. These days they are not only used to authenticate webservers (or other kind of servers) but also to make sure that downloaded code is genuine. So indeed a CA that is trusted but about which no one really knows where it's coming from is indeed a big deal.
Furthermore browsers ought to be meticulous about which certification authorities they trust and include in their liste of trusted root-CAs. If you'd trust anyone certifying someone else's identity, what would be the point in the first place?
Now if someone managed to sneak in a rogue CAs public key into a major webbrowser (and it currently doesn't look like it's the case here) it would undermine the whole SSL security model because the entity controlling the CAs private key would be able to generate arbitrary certificates. These days they are not only used to authenticate webservers (or other kind of servers) but also to make sure that downloaded code is genuine. So indeed a CA that is trusted but about which no one really knows where it's coming from is indeed a big deal.