Yes, please do alert users that self-signed certificates are potentially sourced by nefarious organizations. But in most cases, they are used by small companies and individuals to simply encrypt content from trusted servers. So allow them to be permanently trusted.
Perhaps we will see an increase in interest in web-of-trust alternatives?
I do think that the average Joe, who doesn't know what a certificate or CA is, should be protected from automatically trusting an unknown CA.
The point is, if what you do interests the US government, it can compel Verisign and the like to betray your trust, so you shouldn't trust them. And what emerges progressively is that the threshold beyond which you're deemed "interesting" by US administrations is way lower than long believed.
If you're a company doing international business, you want to secure your strategic communications with your own root CA, not with that of a company who can't say no to the government.