In reality, being one BGP trick away from a mere dedicated individual or corporate owning certs for your domain is an actual risk today.