The existing CA system was pretty corrupt until Let's Encrypt came along so DNSSEC was designed to be separate.



Isn't the existing CA system still mostly corrupt?


That's a bit of a Rorschach question and debating it won't get us very far. Two concrete observations we can make (and, if you like, debate):

1. The cost of TLS certificates is now effectively zero.

2. We trust CAs (in an engineering sense) less than we used to; we have near-mandatory Certificate Transparency now to monitor certificate issuance, and the browser vendors will kill a CA that misissues egregiously, as they've done already with the largest commercial CA.

Knowing what we know now about how this stuff works operationally, we probably would not have designed the CA system we did in the 1990s.
