but doesn't your OS just add them back when you are not looking?
here's a guide to stop that happening
[someone]once remarked that commercial certificate authorities could be expected to “protect you from anywhere from whom they are unwilling to take money”. This indictment of the certificate authority system stems from the observation that CAs are paid per certificate issued, and, more broadly, that certificate purchasers, not relying parties, are the CAs' direct customers.. . .
[The] EFF's SSL Observatory has been assembling a large public database that examines how certificates are used in practice on the web. Even at a first glance, data from the Observatory shows that many CAs have continued to issue certificates that are problematic in several ways, including short subject key lengths, continued use of weak or compromised subject keys, and issuing certificates for private or non-fully-qualified domain names. Unfortunately, CAs advised of such problems have not always acted expeditiously to notify subscribers or revoke these certificates.
it might slowly be getting better. . . ?