[wvs]

The core issue is that encryption is useless without authentication. A MITM could just replace the original self-signed certificate with his own and read the decrypted plaintext while proxying the request so the user doesn't notice.

[tptacek]

Yes; more importantly, a MITM can replace a validly signed certificate with a self-signed certificate. If browsers are lax about self-signed certificates, all TLS connections are weakened, not just the ones that "opt out" of "good" certificates.