[superuser2]

Okay, but that only helps the tiny subset of HNers who are manually pinning certs for a random website.

Further, real world MITMs are ad injection at the device (Lenovo Superfish) or ISP level, so they are persistent.