CAs are mostly equal. The perpetrators of elaborate attacks can choose any CA they want to. (Give or take aspects of the target's setup, like CAA records or DNSSEC, that might make one CA more feasible than another.) And Let's Encrypt can be used by high value targets (though it may be more difficult).