It's not running your own CA that's the problem; it's remembering how to integrate with it for every project you do. Especially considering almost nobody runs SSL on their web apps - you will almost always terminate SSL at a load balancer of some sort, so it's not something web developers normally need to worry about nor is it reflective of how apps run in a production environment.
Turns out, not everybody runs an AWS-style setup with a load balancer and backend servers. In some cases that's not what you want.
Regardless, we are talking about users' browsers dropping plain HTTP. These browsers will never hit your backend servers, so you need not worry about them. In your scenario, they'll always use HTTPS. You are worried about your one in a million case as a developer. That's fine, go into about:config and enable plain HTTP. Everyone else isn't an expert in security and shouldn't be allowed to shoot themselves in the foot by default.
I would be in favor of more of an alert-based implementation. i.e. if you go to a page that is HTTP, your address bar turns red with an "insecure" icon. A setting in about:config is ok, just a minor pain in the ass because I'll have to Google it any time I need to use it.
Good. I guess we are more or less on the same page. My only qualm about permitting plain HTTP and giving a passive alert is that it allows an attacker to run arbitrary JS on your machine before you notice that it was loaded over plain HTTP and decide to disable it. However, this may be a very good transition step.