CA = Critical Infrastructure
Governments, ICANN und other governing bodies have understood a long time ago that some critical infrastructure - like root DNS servers and such - are way too important to let a bunch of companies (many of them with a questionable rap sheet) take control over them.
Maybe it's time to expand the concept to include the certificate authorities. Or, we could continue to let "the market" regulate who does what with their certs and let anybody sell, leak, lose their certs who has enough money to do so. And then let the big browser makes fix this by blocking some root certs; until they find out that you can make some extra money by whitelisting some certs for cash.
"Can't access this or that website with your browser? Try Internet Exploder 16, it accepts more root certs than any other browser!"