Comment by SilasX

Nobody’s suggesting that self-signed certs be treated as trusted or CA-cert equivalent, only that they not be regarded as worse than unencrypted http. In the proposals being discussed, that attack would no more of a threat than MitMs currently are against http.