Well, one question to ask is, so? (Though in reality it is an issue.)
Also though, it can be. You just have to install it. That means a click on a link. Even without that being done, it still will encrypt the data when it is used. What it is not is in the default list of roots in IE or Mozilla etc. yet. It is a catch-22, and politics are involved.
First you have to ask yourself what is a 'trusted root' and what makes it trusted? Even what is the purpose of SSL and/or a CA. Did you know at least a couple of years ago you could easily buy the root certificates of a number of firms that were already preinstalled in IE and Netscape?
They actually seem to do more to ensure the validity of a named certificate than many for-pay places do at times.
Some links for thought:
http://www.onlamp.com/pub/wlg/5142
http://www.schneier.com/crypto-gram-0104.html#7
http://bugzilla.mozilla.org/show_bug.cgi?id=215243
I like the idea, had it myself a few years ago, but no time to pursue it. I am not sure CAcert is the right org. to pull it off, but I find it interesting nonetheless.
I think I am going to get a cert. or two from them and see how it goes.