
The security of the DNS and the security of SSL are unrelated. This is one of those Reddit memes that won't die. You can claim to be bankofamerica.com all you want, but you cannot complete an SSL exchange with a signed certificate that says so.



Why not?

If Eve can take control of DNS and redirect bankofamerica.com to an IP on her servers, and it goes to a webserver with a certificate signed for "bankofamerica.com" by a widely trusted CA, then the browser will load it without complaint and show it as a padlocked site.

The only guard seems to be whether she can get any certificate company to sign a certificate for bankofamerica.com. Since it's cheap and easy to get basic SSL certificates from many places, this doesn't seem a very difficult obstacle for her to overcome with a bit of forging, social engineering, insider access, bribery, etc.

(I imagine that she could go to the real bankofamerica.com, save the certificate details it presents, and pass them on MITM style - but hope there are replay-prevention techniques involved. This doesn't affect the question above, though).


The premise of your argument is that it is "cheap and easy" to get a certificate signed by a CA trusted by Firefox and IE for a "bankofamerica.com" domain.

It is not "cheap and easy" to get that certificate. As evidence for that argument, I put forth the fact that no criminal has ever managed to do it.

Now you're starting to see why certificates are so important to security of SSL!
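To make the point of this exchange concrete, here is a small model of the checks a browser performs before it shows the padlock. This is an added example, not code from the thread; it uses a toy textbook RSA (no padding, 512-bit keys, constructed here purely for illustration) in place of a real TLS library, and the CA name "Trusted CA" and the hostname "evil.example" are made up. It walks through the DNS-hijack scenario from the question above, the self-signed and wrong-name certificates an attacker could actually obtain, and the "copy the real certificate and replay it" idea from the parenthetical, which fails because the server must also sign a fresh per-handshake value with the private key that matches the certificate.

```python
import hashlib
import secrets


# ---- toy RSA signatures (textbook, unpadded; constructed for this example only) ----

def _is_probable_prime(n, rounds=20):
    """Miller-Rabin primality test; only needed to build the toy key pairs."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _gen_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def keygen(bits=512):
    """Return ((n, e), (n, d)): a toy public/private key pair."""
    e = 65537
    while True:
        p, q = _gen_prime(bits // 2), _gen_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    n = p * q
    return (n, e), (n, pow(e, -1, phi))


def sign(priv, data: bytes) -> int:
    n, d = priv
    return pow(int.from_bytes(hashlib.sha256(data).digest(), "big"), d, n)


def verify(pub, data: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == int.from_bytes(hashlib.sha256(data).digest(), "big")


# ---- a minimal certificate: (subject, public key, issuer) signed by the issuer ----

def cert_tbs(subject, pub, issuer) -> bytes:
    # The signed bytes bind the hostname to the public key, so neither can be swapped.
    return f"{subject}|{pub[0]}|{pub[1]}|{issuer}".encode()


def issue_cert(subject, pub, issuer, issuer_priv):
    return {"subject": subject, "pub": pub, "issuer": issuer,
            "sig": sign(issuer_priv, cert_tbs(subject, pub, issuer))}


def validate_server(cert, hostname, trust_store, nonce, handshake_sig):
    """The checks a browser makes: name match, trusted issuer, valid CA signature,
    and proof that the server holds the private key for the certified public key."""
    if cert["subject"] != hostname:
        return False, "name mismatch"
    issuer_pub = trust_store.get(cert["issuer"])
    if issuer_pub is None:
        return False, "issuer not trusted"
    if not verify(issuer_pub, cert_tbs(cert["subject"], cert["pub"], cert["issuer"]), cert["sig"]):
        return False, "bad CA signature"
    if not verify(cert["pub"], nonce, handshake_sig):
        return False, "no proof of private key possession"
    return True, "ok"


def run_scenarios():
    """Constructed scenarios: only the genuine server passes, even after a DNS hijack."""
    ca_pub, ca_priv = keygen()
    trust_store = {"Trusted CA": ca_pub}          # what the browser ships with
    bank_pub, bank_priv = keygen()
    bank_cert = issue_cert("bankofamerica.com", bank_pub, "Trusted CA", ca_priv)
    eve_pub, eve_priv = keygen()
    nonce = secrets.token_bytes(32)               # fresh per handshake: nothing old can be replayed

    results = {}
    # The real site: correct name, trusted CA, and it holds the matching private key.
    results["legit"] = validate_server(bank_cert, "bankofamerica.com", trust_store, nonce, sign(bank_priv, nonce))
    # DNS points at Eve; she self-signs a cert for the bank's name.
    eve_self = issue_cert("bankofamerica.com", eve_pub, "Eve CA", eve_priv)
    results["self_signed"] = validate_server(eve_self, "bankofamerica.com", trust_store, nonce, sign(eve_priv, nonce))
    # Eve has a genuine cert from the trusted CA, but for her own name.
    eve_own = issue_cert("evil.example", eve_pub, "Trusted CA", ca_priv)
    results["wrong_name"] = validate_server(eve_own, "bankofamerica.com", trust_store, nonce, sign(eve_priv, nonce))
    # Eve copies the bank's real cert (public data) but lacks the bank's private key.
    results["replayed_cert"] = validate_server(bank_cert, "bankofamerica.com", trust_store, nonce, sign(eve_priv, nonce))
    # Eve splices her own key into the bank's cert; the CA signature no longer verifies.
    spliced = dict(bank_cert, pub=eve_pub)
    results["spliced_key"] = validate_server(spliced, "bankofamerica.com", trust_store, nonce, sign(eve_priv, nonce))
    return results


if __name__ == "__main__":
    for name, (ok, reason) in run_scenarios().items():
        print(f"{name:14s} {'PASS' if ok else 'FAIL'}  ({reason})")
```

Controlling DNS gets Eve as far as receiving the connection; every remaining step depends on a key she does not have or a signature she cannot produce, which is why the CA trust store, not DNS, is what the padlock actually rests on.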


It was cheap and easy to "steal" Microsoft's certificate in 2001. http://cc.uoregon.edu/cnews/spring2001/mstheft.html


That event was so rare that it made national news, hasn't happened since, and has never happened to a financial institution.

If your argument is that Verisign sucks, though, I won't contest it. I'm not saying the CA business model is good; I'm saying that it's silly to say you can run SSL without CAs.



