Comment 124 for bug 232340

Actually, an installation with a low level of trust by default would also eliminate the authentication issue with obtaining root certificates. In theory the untrusted-certificate dialog box could include a button to grant an additional level of trust to the associated root cert.

Honestly, I don't see what security is obtained by keeping out serious free cert providers when verisign doesn't do much to authenticate their certs other than making sure the check clears.