Ignorant question: If they are making getting a certificate easy for everyone, what is to stop "bad guys" from getting certificates for their sketchy sites? I usually look to the green "https" in my uri bar for reassurance when I'm on an unusual site.
Nothing will. Checking for https for validation whether author of a website has malicious intents is wrong, SSL is not intended for that purpose. That's the purpose of an EV cert, because it requires a company to prove its identity, so the very least you can do is to look for green bar / company name in the address bar.
So then why is it important? What is the argument for encrypting all web traffic? Does it act as a sort of camouflage for the actually important encrypted traffic?
