by fnordfnordfnord 4141 days ago
This malware isn't needed to infect every individual machine. This is just another tool in the long list of tools that the NSA has. Compromise the CAs and a few other key infrastructure machines, and now all our communications are laid as bare as plaintext. The fact that I'm not interesting enough for the NSA to target me individually does not mean that my communications are secure.
1 comment

CAs are not magic decryption boxes. If you compromise a CA, you can generate a false certificate, but this certificate is non-repudiable: it is a sequence of bytes which you must present to the system you are attacking, and which is conclusive, independently-verifiable evidence that the CA has been compromised. While the NSA almost certainly could do something like this, they would run a very high risk of detection every time they did it.