Comment 13 for bug 1464064

"I have no idea what kind of protection mechanisms there are on the signing key, and whether anyone's being bribed/hacked to give them up." so you are willing to trust any number of backdoored https CAs? There are multiple public records of backdoored CA certificates than there are of broken gpg keys.