If users had and at least some exercised control over trusted CAs, at least to the extent of disabling if not adding, then site owners should have an incentive to choose better CAs, since worse CAs would be disabled by security-conscious users.