So I'm just going to send everythign in plain text instead. That'll show em.
If you need true secure communications, in as much as any such might be possible, there are other solutions for that, which don't involve any kind of central authority. (As soon as you have a central authority, you have the weakest link of attack for a larger target.)
This is encryption for everyone else, so passwords aren't being sent in the clear willy nilly by everyone who connects to their favorite sites from public wifi spots, (as an example of a real potential problem with today's security practices.)
That being said, I think they are wrong about this being the missing piece... if it were that easy to use https everyone would at least be using self signed certs by now. The standard has to be updated to reflect the reality of shared IP virtual domains. And why no TLS for http traffic yet? Even if there is no authorative signing, the web browser could then at least warn you if the cert of the a kown server suddenly changes, indicate potential MIM.