Originally Posted by Bowser Koopa

$7.99/yr is "expensive"? You're in the wrong business, kiddo.

Originally Posted by Zyber

The problem is that the browsers will trust the authenticity of a certificate as long as it is verified by any root authority. It means that if only one root certificate is compromised - then all certificates are compromised, also those certificates which were issued by other root authorities.

For example if some malware adds a fake root certificate to your browser, then all communication with HTTPS-protected sites is vulnerable to man-in-the-middle attacks.