But CACert is not accepted as a certificate authority by major browsers. (Supposedly, according to news reports, CACert made it into the Mozilla browser, but that's not getting very far in the public eye.) So a CACert certificate isn't recognized by the browsers either.

One can ask, though, whether a certificate means much at all in this context. If I load a page running Jabeen's ActiveX control, CACert could tell me that the control really does come from Jabeen. But what more do I know about Jabeen? CACert can't tell me whether I can trust both his programming skill and his good intentions. We need a better reputation system.