This sounds more like certificates are broken than public key crypto.
Yes, they can come to me for my private key, but that's a different issue; then at least they're coming to me and not going to some intermediary "trusted party".
This story has exactly zero effects if you use some public-key system with different key management.
On the negative side, good systems don't really exist. On the plus side, this story might help push the development of good systems.