Registrars are trusted. They can change the DNS records for your domain to point at their servers, allowing them to intercept email. That's sufficient to allow them to get certificates issued for your domain through some providers.
The issue is that it doesn't solve anything. We merely shift (more) responsibility to registrars and NICs. You can change (untrust) registrars, I suppose, but if you have a .com you'll have to trust Verisign _forever_. Well, at least as long as they operate the .com TLD. So if Verisign loses your trust, there is even less you can do than today.