Certificates don't ensure you're talking to anyone in particular, other than someone who has managed to get their hands on the certificate, which, based on prevalence of rooting, etc., could be quite a range of people.
Certificates are public information. Oh, did you really mean, private key?
Certs reliably encrypt traffic between the two endpoints. That's the entire usefulness to the two end users.
Nope. Bulk ciphers are what encrypt traffic between two endpoints. Did you really mean certs provide key exchange?
HOWEVER: An entire deceptive financial ecosystem was created when the browser manufacturers put those "scare the heck out of the user" dialogs in there; that meant that ecommerce types *HAD* to get certs that would not raise those warnings -- meaning, buying a bag of bits from someone else, a bag you could have made yourself for free, for all the good it would do you, instead purchased for $50 (or many more) dollars.
It's all based upon one key falsehood: The idea that a cert "assures" you that you're talking to someone in particular.
Wow, you like, have no idea what root trust provides, do you? If your private key is secured properly, it provides reasonable proof that the entity at the server end is related to the domain owner.
Yup, there's problems with the human-level implementation. Like, oh, governments "leaning" on CAs to provide them with an intermediate certificate. Or, yes, private key security.
You're paranoid (and it's possibly Proper Paranoia®) that any site may have weak private key security, especially against, erm, "hackers". Fine, the mom'n'pop websites should probably leave their SSL handling to a professional webhost since they're just as likely to have bungled the security if they did it on their own. Generally, though, you can reasonably trust private key security with organizations that are likely to have professional network security staff.
I'm well assured every time someone in my organization (a network appliance manufacturer) needs to help a customer with an SSL/TLS related issue and the customer meticulously coughs up all the information needed except the private key.