> Unfortunately the "YOUR BANK LTD" certs have a major drawback: No obscure / arbitrary subdomains.
Why is that a drawback from a user POV? I wish sites would try hard to keep their stuff in one part of the DNS name-tree if only to make uMatrix easier to use. I'm glad of anything that encourages them to do so.
And I agree with your conclusion HTTPS is better than HTTP, but it doesn't mean we're talking with whom we think.