I really dislike the way certificates are treated right now. Certs incorporate two different things, namely authentication and encryption. Of course, I understand that it is more secure to have an encrypted channel while communicating with a host that needs to be authenticated, but the reverse isn't always the case.
Sometimes I am not interested in authentication with a machine because I know that the machine in question is the right one. What I AM interested in is the fact that I should be able to communicate with that machine knowing that an outsider won't snoop on my line. The most common application I can think of where there is only authentication is an SSH connection. The fact that the link is encrypted is essential given that user data and other sensitive data passes a lot of (NSA-enabled) routers on the internet. Given the simple authentication (this is the key, are you sure?), you can quickly set up an encrypted connection without the hassle.
The www is more annoying in this respect. You have to buy (this implies paying and spending time) a certificate from a signing authority, and only then can you safely browse the web the way it SHOULD be. What complicates matters is that (some/all?) browsers are absolutely allergic to self-signed certs. This is purely placebo since it is just as easy to build your own signing authority and sign your own cert with that authority. Apparently, some browsers (Firefox, I'm looking at you) don't have the reserve while the security level is exactly the same, since evildoers are probably willing to go the extra mile and create their own signing authority.
There is only one option: allow self-signing as an encryption measure but not as an authentication measure. Naturally you have to take care while doing this since it could imply that any encrypted connection is secure. On the other hand, I'm not sure that people even look at the cert status of, let's say, a bank while they are connecting. The people who do that are smart enough to do the right thing anyway.
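The SSH-style prompt mentioned above ("this is the key, are you sure?") carried over to a self-signed certificate, as an added example that is not part of the original post: the client pins the certificate fingerprint on first contact and flags any later change, which is what separates an encrypted channel from an encrypted channel to whoever answered. The names `PinStore`, `fingerprint` and `demo`, the host `example.internal`, the JSON pin file and the certificate bytes are all assumptions constructed for the illustration.

```python
import hashlib
import hmac
import json
from pathlib import Path

def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, hex encoded."""
    return hashlib.sha256(der_cert).hexdigest()

class PinStore:
    """known_hosts-style store mapping host:port to a certificate fingerprint."""

    def __init__(self, path):
        self.path = Path(path)
        self.pins = json.loads(self.path.read_text()) if self.path.exists() else {}

    def check(self, host, port, der_cert):
        """Return 'new', 'match' or 'mismatch' without changing the store."""
        pinned = self.pins.get(f"{host}:{port}")
        if pinned is None:
            return "new"          # first contact: ask the user, as SSH does
        same = hmac.compare_digest(pinned, fingerprint(der_cert))
        return "match" if same else "mismatch"

    def trust(self, host, port, der_cert):
        """Record the pin once the user has accepted the fingerprint."""
        self.pins[f"{host}:{port}"] = fingerprint(der_cert)
        self.path.write_text(json.dumps(self.pins, indent=2, sort_keys=True))

def demo(store_path):
    # Constructed stand-ins for DER certificate bytes; a live client would
    # read them with ssl.SSLSocket.getpeercert(binary_form=True).
    original = b"constructed-self-signed-cert-A"
    substituted = b"constructed-self-signed-cert-B"
    store = PinStore(store_path)
    results = [store.check("example.internal", 443, original)]  # first contact
    store.trust("example.internal", 443, original)              # user said yes
    store = PinStore(store_path)                                # later session
    results.append(store.check("example.internal", 443, original))
    results.append(store.check("example.internal", 443, substituted))
    return results

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        print(demo(Path(d) / "pins.json"))
```

A "mismatch" result should stop the connection rather than prompt again, since a changed certificate is the only signal this scheme gives that someone else is terminating the encrypted session.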