Unfortunately, DMARC breaks even mailing-lists which do not tamper with the contents of the messages at all. The reason is simple: SPF. Rewriting envelope senders is the proper way of forwarding mail since ages.
If you want to have proper integrity checks of e-mail messages, use PGP, not DMARC.
Is it more likely that:
c) One of the groups had better teachers, so they learned more.
Actually, this is a very common reason. In such cases, I don't see why should the better group get the same grades as the other one.
I think part of the rationale is that a self-signed certificate very well might be a sign that you're the victim of a man-in-the-middle attack, and it needs to be treated as a serious potential threat.
This sounds good in theory, but the reality is that self-signed certificates (or those signed by an authority your browser does not recognize) are several orders of magnitude more common than MiTM attacks.
Otherwise, I agree that a big part of the problem is unusable UI for managing certificates in almost all existing browsers.
Is "as bad as no encryption" a reason for yelling on the user and presenting it like the worst security problem ever? Even if I accept the premise that it is as bad as no encryption, the obvious conclusion is that the browser should present it the same as no encryption.
Actually, it is not as bad. It still keeps you safe from passive attacks (like your ISP collecting all data for a three-letter agency, which analyses them later).
Statistics are no substitute for judgement. -- Henry Clay