by Klathmon
3271 days ago
Yes, but if LE was the only major CA, then if you could attack "Company A" by impersonating them and making lots of signing requests, causing them to hit rate limits, you could take "Company A" offline. If LE was found to be incompetent and lost control of their private key, browsers would be much less willing to remove them as trusted if they were a significant portion of the web. And things like the impact of DDoSing LE to take their OCSP servers down and things like that still grow with their size. To clarify, I love LE and I use them almost exclusively. But I'd feel better if there were others trying to follow in their footsteps.