It is pretty dangerous for an adversary to carry out MITM attacks on a large scale, as sooner or later, this is going to be detected.
Apparently they weren't detected until the Snowden files showed it was widespread... (hacking into Belgacom, for example), and wasn't the FBI requesting the SSL keys of Lavabit to decrypt traffic?
The attack the FBI attempted on Lavabit had no relation at all to certificate authorities. They merely requested the private host key of the server to be able to decrypt any recorded SSL traffic for that site. Note how this kind of attack only works when you have access to the server in question (in which case you would be able to directly monitor the plaintext communication anyway by tracing the web server executable). I repeat, this is not related at all to certificate authorities. Also note how this attack does not really scale, as it requires you to actively request and collect SSL host keys (not certs!) of all web servers whose traffic you are interested in. For that reason I would expect that information about your operations *will* inevitably leak to the public. Also, web servers in other countries will be relatively well protected against this kind of attack.
The SSL Everywhere extension for example can (optionally) collect information for and check with the SSL Observatory to detect differing certificates that indicate MITM attacks.
A MITM attack would also patch (or redirect) the SSL Observatory.
Only decentralized checks against locally stored, previously seen certificates can work; otherwise it's just security theater.
But here again a MITM attack would be detectable. If the SSL Everywhere guys were not completely stupid, they would check the host key of the SSL Observatory against a private certificate authority that they completely own (with the certificate authority's key hard-coded into their browser extension). Or, more simply, they could just hard-code the public key of the observatory. Or implement certificate pinning, etc. etc.
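An added example, not code from anyone in this thread or from the SSL Observatory project, of the two mechanisms the last two comments describe: a local store of previously seen certificate fingerprints (trust on first use), plus hard-coded pins for hosts the client author fully controls, such as the observatory's own endpoint. Fingerprints are SHA-256 over the DER certificate, the same value `openssl x509 -fingerprint -sha256` prints. The host names and the "certificates" below are constructed placeholders (real DER blobs are ASN.1 SEQUENCEs); only the hashing and the comparison logic are exercised offline, while `fetch_leaf_cert` shows how a real certificate would be pulled from a live server.

```python
"""Trust-on-first-use certificate store with optional hard-coded pins.

Added example, not from the thread or any project it mentions. The sample
certificates are constructed byte strings standing in for DER certificates.
"""
import hashlib
import json
import socket
import ssl
from pathlib import Path
from typing import Dict, List, Optional


def cert_fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(cert_der).hexdigest()


class CertStore:
    """Remembers the certificate first seen for each host (TOFU) and lets the
    caller ship hard-coded pins for hosts it controls (e.g. the observatory)."""

    def __init__(self, path: Optional[Path] = None,
                 pinned: Optional[Dict[str, str]] = None) -> None:
        self.path = path
        self.pinned = dict(pinned or {})   # host -> fingerprint, shipped with the client
        self.seen: Dict[str, str] = {}     # host -> fingerprint, learned locally
        if path is not None and path.exists():
            self.seen = json.loads(path.read_text())

    def _save(self) -> None:
        if self.path is not None:
            self.path.write_text(json.dumps(self.seen, indent=2, sort_keys=True))

    def check(self, host: str, cert_der: bytes) -> str:
        """Classify the certificate `host` presented. Returns one of:
        "pin-ok"        matches a hard-coded pin
        "pin-mismatch"  differs from a hard-coded pin (MITM, or an unshipped key rotation)
        "first-seen"    no record yet; recorded now (the TOFU leap of faith)
        "ok"            same certificate as last time
        "changed"       differs from the stored one; the store is NOT updated
        """
        fp = cert_fingerprint(cert_der)
        if host in self.pinned:
            return "pin-ok" if fp == self.pinned[host] else "pin-mismatch"
        prev = self.seen.get(host)
        if prev is None:
            self.seen[host] = fp
            self._save()
            return "first-seen"
        return "ok" if fp == prev else "changed"


def fetch_leaf_cert(host: str, port: int = 443) -> bytes:
    """Fetch the DER leaf certificate a live server presents (network; not
    used by the offline demo). Chain validation is disabled on purpose so a
    substituted certificate is still returned and can be compared: the
    fingerprint check in CertStore is what decides trust here."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


# Constructed stand-ins for DER certificates; the leading bytes mimic a SEQUENCE header.
GENUINE_CERT = b"\x30\x82\x01\x00constructed-genuine-cert-for-example.org"
MITM_CERT = b"\x30\x82\x01\x00constructed-mitm-cert-for-example.org"
OBSERVATORY_CERT = b"\x30\x82\x01\x00constructed-observatory-cert"


def demo() -> List[str]:
    """Run the store through the scenarios discussed in the thread."""
    store = CertStore(pinned={"observatory.example": cert_fingerprint(OBSERVATORY_CERT)})
    return [
        store.check("example.org", GENUINE_CERT),              # first-seen
        store.check("example.org", GENUINE_CERT),              # ok
        store.check("example.org", MITM_CERT),                 # changed
        store.check("observatory.example", OBSERVATORY_CERT),  # pin-ok
        store.check("observatory.example", MITM_CERT),         # pin-mismatch
    ]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

Note the asymmetry the code keeps on purpose: a "changed" result never overwrites the stored fingerprint, so a MITM that shows up after first contact stays visible until a person decides the new certificate is legitimate; a pinned host never gets a first-use exception at all.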
The only working attack would be for the NSA to MITM every download of the SSL Everywhere executable, patching the certificates contained in its code. But again, this is easy to detect after the fact by inspecting the sources, comparing checksums etc.
For that reason I'm not afraid at all of MITM, as it does not allow for the broad, secret, non-discriminatory data collection that Snowden's leaks show to be implemented by the NSA.