by cbr 4203 days ago

     The only thing separating a self signed cert
     from one obtained from a CA is that the CA
     has some of your contact info
Most CA certs are domain validated these days, which means you have to demonstrate control of the domain to get the cert.

    it wouldn't take a whole lot of effort to
    bypass their checks
It's pretty hard. If you get a CA to issue you a cert for a website you have no control over, that's newsworthy and would get serious scrutiny put on that CA.

The CA system as it is isn't good, because we have to trust so many different CAs for it to work, but if CAs were widely issuing certs to the wrong parties we'd hear about it more.