
I think you're confusing authentication vs encryption. If you were MITMing someone and using a self-signed cert for example.com, that connection can be encrypted (if the user clicks through the warnings) but says nothing about your trust for the site.



Let's Encrypt, or any other low-cost SSL certificate, says very little about my trust for the site either. It's just too easy to get them to think they really mean anything.


All new certificates for DNS names in the Web PKI today (and for some time now) must result from the CA having used one of the Ten Blessed Methods to validate the Applicant's control over the name, regardless of who paid how much.

Let's Encrypt offered three of the Ten, but one was discovered to be flawed due to the way some major bulk hosting services are configured, so that leaves two (of Nine, since in practice any implementation of the Tenth Blessed Method is flawed the same way).

Even flawed Blessed Methods are far superior to the checking (basically none) we can reasonably expect from a normal person using a web browser. But still, improvements upon the Blessed Methods are a topic of public discussion; if you think you genuinely have a better way, you should definitely let the CA/B Forum or m.d.s.policy know about it.
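To make concrete what "validating the Applicant's control over the name" means, here is an added toy model (not code from the thread or from Let's Encrypt) of the ACME HTTP-01 challenge that Let's Encrypt uses (RFC 8555 section 8.3, with the RFC 7638 JWK thumbprint): the CA issues a random token, and only someone who can publish the matching key authorization on the domain passes. The account keys, token and "web" below are constructed placeholders; no network is used.

```python
"""Toy model of ACME HTTP-01 domain-control validation. Constructed example:
the 'web' is a dict, account keys are placeholder JWKs, nothing is real."""
import base64
import hashlib
import hmac
import json


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over the required JWK members, sorted, no whitespace."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required}, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode()).digest())


def key_authorization(token: str, account_jwk: dict) -> str:
    """What the applicant must publish: <token>.<thumbprint of the ACME account key>."""
    return f"{token}.{jwk_thumbprint(account_jwk)}"


def validate_http01(domain: str, token: str, account_jwk: dict, fetch) -> bool:
    """CA side: fetch the well-known path over plain HTTP and compare, in constant time."""
    body = fetch(f"http://{domain}/.well-known/acme-challenge/{token}")
    if body is None:
        return False
    return hmac.compare_digest(body.strip(), key_authorization(token, account_jwk))


# Constructed placeholder account keys: the x/y values are not real EC points,
# only their thumbprints matter for this demonstration.
OWNER_JWK = {"kty": "EC", "crv": "P-256", "x": "owner-x", "y": "owner-y"}
ATTACKER_JWK = {"kty": "EC", "crv": "P-256", "x": "attacker-x", "y": "attacker-y"}
TOKEN = "constructed-token-123"  # a real CA draws this at random per challenge

# Simulated web: only example.com's operator (holder of OWNER_JWK) published an answer.
SIMULATED_WEB = {
    f"http://example.com/.well-known/acme-challenge/{TOKEN}": key_authorization(TOKEN, OWNER_JWK),
}


def fetch(url: str):
    return SIMULATED_WEB.get(url)


def demo() -> dict:
    return {
        "owner": validate_http01("example.com", TOKEN, OWNER_JWK, fetch),
        "other_account_same_domain": validate_http01("example.com", TOKEN, ATTACKER_JWK, fetch),
        "owner_domain_not_controlled": validate_http01("example.net", TOKEN, OWNER_JWK, fetch),
    }


if __name__ == "__main__":
    print(demo())
```

The second case shows why the account-key thumbprint is part of the answer: a published token alone would let any ACME account that can see it claim the name. The real check is also done from several network vantage points, which is what the shared-hosting flaw in the thread above was about.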


Having any valid cert (DV or otherwise) proves that you are viewing the example.com that the owner of example.com wants you to see. Without a certificate, you can/will be MITMed.

> It's just too easy to get them to think they really mean anything.

I'm not sure what you mean by this:

1. Are you saying that there is a vulnerability where you can get a valid certificate for a domain you don't own?

2. Do you mean the fact that valid owners of a domain can get a certificate easily?

If 1, please provide more info. If 2, why is that a bad thing?


An expensive DV certificate doesn't really say any more than a cheap one, except that the person buying it had money to burn.

Whether an EV certificate should do much more for trust than DV is a matter of some debate.



