The fundamental problem is the whole concept of a "Web of Trust." How or why should I trust that a collision detection mechanism is in place, functioning properly, and has not been manually overridden? We've come full circle to "I just have to blindly trust."
True, but let's get everybody used to using HTTPS and get it enabled on all the servers.
Once that's done, THEN we can tackle the problem of who to trust with the certificates.
"The longest journey starts with a single step", etc.