I'm not interested about my ego -- I'm an AC, remember?
I find that many ACs tend to be more interested in their egos than signed-in users, especially the ACs that habitually check for replies to their anonymous posts.
I still think that self-signed certificates are an excellent way of getting encryption, packet integrity, /and/ verifying that it is still the same server. I cannot find anything in your posts that would refute that fact or why it would be misinformation.
You must have missed the bits about the absolute importance of determining who you're talking to the first time you make a connection.
(Your assumption seems to be that the attackers already control the infrastructure during the initial connection. My tinfoil hat is not /that/ tight. Besides, how would a "real" someone-else-vouched-for-me certificate help at that point?)
You seem to be placing an inordinate amount of trust in network operators, trust which is sorely misplaced, as I've seen firsthand. You've also handily demonstrated an utter and complete lack of understanding of how PKI encryption operates.
I certainly don't disagree with out-of-band cert verification and would try to offer a method to do that. Running an own CA would be a step up but mostly useful for larger projects only (Debian does it) -- hardly so for a hypothetical forum with only a single access point.
If you think only large projects run their own CAs, you're smoking some strong stuff. Every single employer I've worked for operated a CA for both internal and external purposes. I happen to operate three for various purposes. Be sure to inform your forum members that you don't shit two shits about their privacy.