The technical skill of most of the individuals in this debate is not
in the area of security. Also, there has been a very big PR campaign
for many years that was designed to cause people to equate explicit
trust and PKIs, because those who funded the campaign were public CAs
requiring such trust. That campaign has been effective in creating a
perception among many folks, technical or not, intelligent or
otherwise, and it is this perception that clouds this discussion, in
large part.
actually, that perception - which you admit is real - is part of what
makes the DNS PKI dangerous. it's what makes it so likely that
DNS PKI will be misused and that the trust placed in it will be abused.