
There's no way that a multi-thousand dollar EV wildcard cert is a "loss leader".


I dunno, if you look at the legacy of DigiNotar it seems like you're dealing with a lot of potential headaches for a couple thousand bucks that your customers hate paying you anyway.

(DigiNotar, of course, famously gave out a fraudulent *.google.com cert and is now defunct.)

As a CA you're assuming a whole lot of liability for not that much money (not that much at the scale of even a small business, anyway), and that just doesn't seem like it'd scale to a wildly profitable venture, especially considering the kinds of people who are actually well equipped to run a CA can probably make a lot more money doing basically anything else in web security. When you add up the contingency risks, the opportunity costs, and whatever actual day-to-day business expenses, it does seem like you'd be looking for other ways to make more comfortable profits.

That doesn't mean CAs should charge more or anything, just that I could accept that SSL certs for standard websites aren't what anyone with a good vision for their business is really trying to hold onto.



