
One obvious change here is that it would make CA-signed certificates mandatory for all HTTP2 web servers - is that really a situation we want?



That doesn't have to be the case. You could still allow self-signage, with all of the security caveats that presents.

Who knows. Maybe that arrangement could even spur a sorely needed push for a free certificate trust network and get rid of CAs entirely.


Self-signed certs are much harder to get browsers to accept these days. The "I know what I'm doing" button and process are becoming ever more complex, and I wouldn't be surprised if they just start going away in favor of a list of trusted root CAs, which you may or may not be able to control as a user, depending on your browser. Which sucks. But anyway.

StartSSL is one place where you can get a free cert for your website today (and yes, they charge for revocation, but revocation is pretty ineffective anyway). I got a free cert from them, but my mobile browser doesn't trust it, so I decided to shell out $10 for a cert that's more widely auto-trusted by browsers. Not a huge cost, IMO.


I can't speak for anyone else, but I certainly do.

Regardless of the form of PKI employed, there's going to be a cost associated with validating the identity of the parties you're communicating with.

For the average Joe, certs that require domain ownership validation are pretty cheap these days -- certainly on par with domain name registration fees. As with domain names, people need to just start treating it as a necessary cost of running a website.

To be clear, I am far from a fan of X.509, but I'm not holding my breath for something better to come along (and be widely deployed) this decade. So let's use what we've got.


Those who don't have CA-signed certificates can still use HTTP/1.1; I don't think it's that big of a deal.



