
So you will have to trust Verisign not to publish a different, compromised, set of domain name keys along with your nameservers.


You have to trust them not to do that anyway right now, as they're a CA. You also have to trust any of the >100 other CAs that your system trusts.


Nobody is suggesting that the naive X.509 scenario we had a year ago is secure. They are, however, skeptical of the idea that we should invest millions of dollars into an architectural change to the core of the Internet to land... right back where we are now.



