Even if there's zero mitigation I think the benefits will outweigh the downsides, but I wonder if there's anything that stops a criminal from registering a domain that is very similar to, say, that of a bank?
I know from experience (ethical hack) that the traditional authorities won't easily let you register 'suspicious' names like: <bank>-<name>.com where the original domain is <bankname>.com. Or something like that.
The phishers still have to front the cost for the domain itself, so this really isn't going to increase the number of phishing domains. It may increase the number of phishing domains with SSL, but the purpose of Let's Encrypt is to encrypt everything -- not just "official domains".
Whether or not this was originally the point of SSL or not, this is how many non-technical people decide to trust a page or not: by looking at the lock in their browser.
I never said it's the case everywhere. I said it's easy to register an SSL certificate for basically any domain you actually own, which is true. Basic SSL certificates are not designed to provide extended validation (there are EV certificates for that), they are designed to identify that domain.