by Someone1234 4374 days ago
Passive monitoring? Sure. Impossible to detect active monitoring? Also yes.

There are literally governments which have used a fake certificate to monitor SSL connections. It wasn't detected for quite a few months.

1 comment

The difference being that we know the first one is happening right now.

The average user will probably not be MITM'd. There simply are too many users and not enough attackers. Additionally, the attacker must hit the user during their first visit to the site or never.

The average user may well be MITM'd by their own government. Doesn't seem that unlikely any more.

Either way, self signing is not as secure as using a CA and it is not just browsers being picky.

...in which case they'd just compel the CA to cough up a certificate. This does not apply, at all, to the argument for or against self-signed certs.
Depends on the government involved, and on the user, and on the authority.

And then it's still no worse than self signed even in the worst case.
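The "first visit or never" point made above is the trust-on-first-use (TOFU) model, the one SSH uses for host keys and the only check a client can apply to a self-signed certificate. The following is an added example, not code from any commenter, showing how a TOFU pin store behaves in the two scenarios the thread argues about: an attacker who arrives after the pin exists, and one who controls the first visit. The certificate byte strings and the hostname `example.invalid` are constructed stand-ins, not real DER certificates.

```python
import hashlib
import hmac

# Constructed stand-ins for DER-encoded certificates (not real certs).
SITE_CERT = b"constructed DER for example.invalid, legitimate key"
MITM_CERT = b"constructed DER for example.invalid, attacker's key"


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER bytes, the value `openssl x509 -fingerprint -sha256` prints."""
    return hashlib.sha256(der_cert).hexdigest()


class TofuStore:
    """Trust-on-first-use pin store keyed by hostname, like SSH's known_hosts.

    Verdicts returned by verify():
      'pinned'    first contact: the presented cert is recorded and trusted from now on
      'ok'        later contact: the cert matches the stored pin
      'mismatch'  later contact: the cert differs from the pin; the client must refuse
    """

    def __init__(self):
        self._pins = {}  # hostname -> hex SHA-256 fingerprint

    def verify(self, host: str, der_cert: bytes) -> str:
        fp = fingerprint(der_cert)
        known = self._pins.get(host)
        if known is None:
            # Nothing to compare against: whoever answers first gets trusted.
            self._pins[host] = fp
            return "pinned"
        # Constant-time compare; a mismatch means a different key than the one pinned.
        return "ok" if hmac.compare_digest(known, fp) else "mismatch"


def simulate(first_visit_cert: bytes, later_certs):
    """Run one fresh client through a first visit and later visits; return the verdicts."""
    store = TofuStore()
    verdicts = [store.verify("example.invalid", first_visit_cert)]
    for cert in later_certs:
        verdicts.append(store.verify("example.invalid", cert))
    return verdicts


if __name__ == "__main__":
    # Attacker appears after the legitimate pin exists: the swap is detected.
    print(simulate(SITE_CERT, [SITE_CERT, MITM_CERT]))
    # Attacker controls the first visit: the attacker's cert becomes the pin, and it is
    # the real site that later looks like the attack. TOFU cannot tell these apart.
    print(simulate(MITM_CERT, [MITM_CERT, SITE_CERT]))
```

In a real client the DER bytes come from `ssl.SSLSocket.getpeercert(binary_form=True)` after the handshake, and the pin store has to be persisted on disk or it resets to "first visit" every run. The two simulations return the identical verdict sequence, which is the whole argument: the store has no way to know whether its pin was planted by the site or by whoever intercepted the first connection.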