They annoy users by panicing any time a certificate is signed by an authority not on the list.
This is desired behavior for SSL. Otherwise, a man in the middle could start his own private CA and issue certs for each site that you view. Bug 460374 shows MITM in the wild. If I wanted to verify self-signed certificates through route diversity, I'd install the Perspectives extension. (And I have.)
When Google released Chrome, Firefox decided they wanted to have a Chrome-like super fast release cycle, which hurt extensions.