The root of the problem (pun intended) is NOT that the SSL/TLS certificate hierarchy is a centralized trust, but that there are hundreds of roots of trust, any one of which may be compromised,
The problem is the consequences when a centralized trust is broken. In principle, the number of roots does not matter (even if in real life, it makes it easier to find a viable attack route), because the root of the evil is that it will suffice to break a single point.
A proper design would make sure that even in the case of successful hackers, rogue employees, silent break-and-entry by foreign intelligence agencies or hostile government take-overs, the consequences would not be dire.
This is why some people like the idea of using DNSSEC for distributing key material: there exists only a single valid path of trust to a single root for a key associated with any given name: its actually more centralized than SSL/TLS, which is what is desired.
Even though based on false premises (IMHO), your conclusion is intriguing. Would you kindly explain which threats dnssec will remove?