I think the author is proposing to replace CAs with PGP-like web of trust but keep the rest of SSL/TLS the same, so public key crypto would only be used to setup a session key.
That's fair. I re-read the article and see your point. I would still agree with other comments here that a WoT would be difficult to implement in a user friendly way that wouldn't also be exploited.
How is it hard for a browser vendor to implicitly trust itself, and build its WoT from there? Get Chrome, trust Google. Get Firefox, trust Mozilla. It means you have to trust your browser, but.. you kind of already have to do that, you are putting all your personal info through its text fields and such.