There was also a big brouhaha in Europe back in the day. NSA was able to remotely hack a bunch of systems that had 'PROMIS' software installed. I'd have to dig up details, but it was nasty stuff. There were some German companies (not to mention their government) that were mightily hacked off (so to speak).
You're absolutely right about the trust you have to give CAs. Personally, I strongly suspect that trust is massively misplaced.
Remember one thing: it takes just ONE complaint of malfeasance to destroy one of the Class 1 CAs. Trust is something that cannot be in doubt. If Verisign, COMODO, ComSign, DigiCert, Entrust, GeoTrust, etc. etc. EVER got caught handing out their salts or their hashes, they would completely scuttle themselves.
You may or may not remember, but many years ago, COMODO was accused of man-in-the-middle snooping by another CA. It's taken them over a decade to renew their trusts. Some versions of Linux still don't trust COMODO as a root CA.
I use StartCom. They're a small circle-of-trust provider out of Israel. They don't charge for Class A (non-commercial) personal certificates, and they've got excellent customer service. I highly recommend them.