I'm all in favour of CSP and HPKP, but the community forum not really related to the security of the CA server, ACME or certificate issuance in general.
HPKP can be quite tricky to get right, especially with certificates with short lifetimes. It's quite easy to actually brick your domain if you mess up in some way, and the client should probably be quite conservative and, if ever implemented, hide this option behind a lot of warnings.
There's another interesting thread on this topic: