Just because your OS / browser vendor "trusts" a cert doesn't mean you should.
In other words, users should always have the right to control who they (indirectly) trust. That's what the comment above is referring to - it will be even worse if Superfish is used as an excuse to take away this right.
Depends on what you mean by "normal user." It's somewhat advanced, for sure, but many companies use private CAs to issue certs for their intranet sites, and the ability to install those certs on client machines is very useful.
Plenty of enterprise users need to. There are other reasons too.
I presume 'nugget is talking about the HTML rewriting aspect of the software. Injecting additional/unwanted tracking code == bad, user-requested re-writing of content == good.
Oddly Google's Android team took a different approach; on Android 4.0+ there is no way to install additional certificates without a periodic "Network may be monitored by unknown third party" notification being presented.
Very annoying if you wish to use your own CA or add another and it is also dangerous in that it masks any cert installation by malware.
That's a really intrusive, dangerous way of implementing ad blocking, though. Much better to have that functionality live in the browser itself (or an extension).
Your own site, work, or vendor / client sites could be added.
Or you could want to remove a Comodo (or Honest Achmed's Used Cars and Certificates).
http://www.livehacking.com/2011/04/25/honest-achmeds-used-ca...
https://bugzilla.mozilla.org/show_bug.cgi?id=647959
Just because your OS / browser vendor "trusts" a cert doesn't mean you should.