It's because of incidents like this that I call our PKI a scam and a racket. The fact that this is even a thing that can ever happen points to massive, systemic problems in the trust model.
You appear to believe that any security system that has any failure, ever, indicates "massive systemic problems". I assert that there are no security systems in history that would meet such a standard.
There are an enormous number of sites and certificates out there. Studies have been carried out at scale on attacks on SSL and found that most MITM attacks come from locally installed virus scanners, malware, or company firewalls. Hacked CAs didn't even register. So if you represented the number of bad certs as a percentage, it'd probably have a lot of zeros after the decimal point.
That doesn't mean the world should sit on its hands. Although real-world studies have been done, requiring all certs to be public will be a massive upgrade.
Well, it's broken and there are people getting lots of money due to the fact that it's broken.
Almost certainly the creation of the standard was not malicious, and almost certainly it currently gets the support of people acting with malice. But I don't have anybody to point a finger at; even the most logical suspects aren't overtly trying to keep it broken.