I would agree with you entirely if I had more reasons to transitively trust the root certificates authorities than to trust the people I believe are building the website, because in reality I don't know any of them. Certificate authority getting hacked and issuing trusted certificates to not trust worthy people have happened already. You may say that you still put more confidence in a certificate that is transitively trusted by those your browser and / or OS vendor chose for you, but why? The SSL certificate system as it is now is highly unsatisfactory to me. I would prefer something decentralized like the GPG trust network.