CAcert doesn't have a WebTrust audit and is therefore not included in many cases. They've talked about audits in the past but every time it comes up it eventually stalls. I have no insight into their process, but I'd suspect it's a combination of people who oppose the concept of WebTrust audits and also that when they speak to auditors they discover they would fail such audits.