Yeah but for encrypted websites you need to trust the certificate. Parent wasn't talking ss vs plain, but ss vs ca. If a self signed google.com would be accepted by firefox, it'd be much much worse. You'd thought is secure and instead it may not be. The system we have isn't flawless, but it beats having to pin down every signature manually if browsers started treating self signed as trusted