>Automating this simply means that if someone hacks your machine, they also have full access to generate any certs they like.
Well, they can generate certs for your domain. But what exactly is the big difference between generating a new certificate for your domain and having your private key. I fail to see why it would be a huge risk, they can access all your users data in any case.
Hasn't this always been true for domain validated certificates? If you control the domain's content, you can get a cert. I don't see how LE makes that any worse.
Well, they can generate new certificates for as long as they have access to your machine. Take that access away, and they can't generate certificates anymore.
All in, the Lets Encrypt way brings you more security. Since the certificate validity is shorter, even generating an extra certificate will give the attacker a smaller average time with a valid cert than stealing your StartSSL cert.
It's like not-perfect-but-still-good forward secrecy: Your old certificate may be leaked or decrypted, but it will only endanger past communications; the communications after this one will still be secure.
Another side-effect is that you don't need to manage revocation stuff as diligently, because certificates automatically expire shortly. The window during which a certificate is valid is extremely short and recent, which means there is less chance that a problem happens. when that probability increases (as a result of being older), certificates become automatically invalid.
