How would most users respond if their ISP told them "You must add these certificates to your browser" (with instructions, or even a little installer program)? They could then use their bogus CA to MitM every use of facebook/google/whatever.
This seems no different, since it's up to the browser (not just the ISP) to enable the trusted proxy stuff. If a browser enables it without your consent (just as if they deliberately add a bogus CA to the trusted cert list), the browser is being evil and needs to be fixed. If it is left to the user, who enables it without understanding, that's unfortunate, but no worse than what can currently happen.