I don't trust locks, they can be picked. I just leave all my doors unlocked because they're pointless anyway.
Actually, with shoddy locks, only those things that they lock can be compromised.
If you've got a shoddy lock on your luggage, it doesn't compromise the security of your front door and vice-versa.
With CA's, it's worse: if you're trusting one bad CA in your browser, this not only compromises communications with sites signed by that CA, but communication with any SSL site.
Indeed, if your bank is signed by Geotrust, a man-in-the-middle could just bribe (or trick) Verisign to give him a certificate for your bank (signed by Verisign), and your browser would accept it (unless you've got the certpatrol addon, which warns you if certificates change issuer for no good reason).