It really is security theater now. I've had to get certs from various vendors for the .edu I work at. They need 'official' documents from 'someone important'. Like a letter on official looking letter head with a copy of a photo ID faxed to them. Yeah. Real secure. Lemme break out my copy of photoshop.
How about at the very least the verifications some sites use to show that you control a domain? For example, the CA says that in order to verify 'somesystem.somewhere.com' we're going to need you to put this arbitrary string in a TXT record on your DNS server for that host.
When setting up a domain on Google Apps or MS Live (or other places) they ask you to do this as one of the things to do to prove domain ownership. Yes - obviously if your DNS is owned this isn't a problem, but its a heck of a lot better than the process now.