Reason for Revocation of 1076742682.rsc.cdn77.org

There’s a very interesting blog post on this topic from a couple of months ago, along with a lengthy discussion of the policy. The short version is that Let’s Encrypt agrees that CAs should not be a judge of quality or legitimacy when it comes to DV certificates. DV merely verifies that a public key belongs to a domain.

At the same time, that’s exactly how existing CAs have conducted business and marketed their products for decades (think: site seals and whatnot), so it’s not something that a new player can just completely ignore. That’s why Let’s Encrypt is currently checking Google’s Safe Browsing API before certificates are issued.

In the end, I think this is a user education and browser UI problem. Users have been told to look out for “the lock” as a sign of authenticity for decades, but that’s not really what it is. Once we get to a point where regular HTTP can be marked as insecure, the UI for DV could be changed to look like HTTP does today, and the “secure” look can be reserved for certificates of a higher validation level, where the authenticity of the certificate owner has been verified to a certain degree.


Finally, just a gentle reminder: Try to be agreeable, even when you disagree. This is an important conversation to have, and it would be in everyone’s interest to keep the discussion to the facts.
