I think you need to review your understanding of X.509. If your client trusts a Certificate Authority then it trusts certificates issued by that CA. This allows anyone who can intercept the network traffic to conduct Man In The Middle attacks. Read up on it on Wikipedia.
... and if you use the school's WiFi then of course they can intercept the network traffic. What I'm not quite sure about... Let's say I try to get an https connection to Amazon. I will eventually receive a certificate that claims to be an Amazon certificate, signed by a Verisign root certificate, and my computer trusts that root certificate. If there was a man-in-the-middle attack performed by the school, can anyone confirm that I would see a certificate claiming to be an Amazon certificate, signed by the school's root certificate?
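An added illustration, not part of either comment above: a local lab showing how the same host certificate verifies or fails depending on which roots are in the client's trust store, and how the issuer field shows which CA signed it. It assumes the `openssl` CLI is installed; the CA names and the host name `shop.example.test` are constructed for the demo.

```shell
#!/usr/bin/env bash
# Constructed lab: the CA names and host name are made up for this demo.
HOST="shop.example.test"

# build_lab DIR: two root CAs and one leaf for $HOST issued by each of them.
build_lab() {
  printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=ca' '[dn]' \
    '[ca]' 'basicConstraints=critical,CA:TRUE' > "$1/cfg"
  for ca in public school; do
    openssl req -x509 -config "$1/cfg" -newkey rsa:2048 -nodes -days 2 \
      -subj "/CN=Demo $ca root CA" \
      -keyout "$1/$ca.key" -out "$1/$ca.crt" 2>/dev/null || return 1
    openssl req -new -config "$1/cfg" -newkey rsa:2048 -nodes \
      -subj "/CN=$HOST" -keyout "$1/leaf-$ca.key" \
      -out "$1/leaf-$ca.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$1/leaf-$ca.csr" -CA "$1/$ca.crt" \
      -CAkey "$1/$ca.key" -CAcreateserial -days 1 \
      -out "$1/leaf-$ca.crt" 2>/dev/null || return 1
  done
  # Trust store of an unmanaged device: the public root only.
  cat "$1/public.crt" > "$1/trust-unmanaged.pem"
  # Trust store of a device that also had the school's root installed.
  cat "$1/public.crt" "$1/school.crt" > "$1/trust-managed.pem"
}

# verify_with TRUSTFILE CERT: print "trusted" or "rejected".
verify_with() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 && echo trusted || echo rejected
}

# issuer_of CERT: print the issuer DN, the field that names the signing CA.
issuer_of() {
  openssl x509 -in "$1" -noout -issuer
}

# report: build the lab in a temp dir and print the verification matrix.
report() {
  d=$(mktemp -d) || return 1
  build_lab "$d" || { rm -rf "$d"; return 1; }
  for store in unmanaged managed; do
    for leaf in public school; do
      echo "$store store, leaf from $leaf CA: $(verify_with "$d/trust-$store.pem" "$d/leaf-$leaf.crt")"
    done
  done
  issuer_of "$d/leaf-school.crt"
  rm -rf "$d"
}
```

Source the file and call `report` to print the matrix; the only combination that is rejected is the school-issued leaf checked against the store without the school's root.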