Remember the story not too long ago about a XSS vulnerability that essentially let you display your own content on an EV certified SSL page? Even a $500+ certificate can't protect against buggy sites.
One of the bigger annoyances with firefox 3 is what happens when you go to a site with a certificate that is not valid (self-signed, untrusted CA, expired, etc). You see a page styled similar to the server not found messages. You then have to click on like 4 things with one of them saying that its really bad to do this, etc before you can continue.
The time where "valid" certificates I'd encourage are for sites that do payments in some way. Imagine if your bank was suddenly using a self signed cert for login?
I've used
http://cacert.org/ for years now for the various admin sections of sites. Browsers still don't recognize it as a real ca but adding them is trivial and they are listed in the latest editions of most Linux distros. Its nice not having to add exceptions for all these certs, but can't make self signed ones that last 10 years either
