Everyone
It turns out that Certificate Authorities themselves are one massive security vulnerability. How many more CAs need to get popped before we as an industry realize that allowing Bob’s Bait, Tackle, and Certificates to issue wildcard certificates is a bad idea?