Someone should probably also point out: most of the CAs are more or less equally 'crappy'. We've been through many CAs now and none of them has a process anywhere near 'perfect'.
Btw, Comodo customer support is rather nice. We recently bought a code signing certificate from them and they walked us through the whole process via chat, worked quite well and we were done in about 30 min.
Do you not feel that, due to the security failure in 2011, they are one of the worst? I typically disable their certificate on my machines. The CA system is totally flawed anyway, I don't know why I bother.
There are flaws with current PKI infrastructure but as you say, it's better than nothing.
There are also several initiatives to improve this situation. Google has come with certificate transparency ( http://www.certificate-transparency.org/ ) which essentialy creates public log of all issued certificates so everyone can see and verify that certificates authorities don't issue bogus/fake certificates
There is also an idea to use proof of work to estabilish network-wide consensus about valid certificates (like bitcoin or namecoin blockchain). This would be fully decentralised solution.
Quitte the opposite. They themselves came forward about what happened, communicated clearly and took steps to mitigate the problem. From what I saw, they acted responsibly and it has only I erased my trust in them.
Btw, Comodo customer support is rather nice. We recently bought a code signing certificate from them and they walked us through the whole process via chat, worked quite well and we were done in about 30 min.