@bobjonkman, there are ways of ensuring that there is no MITM with self-signed #crypto certs. You just need a trustworthy way of doing the initial cert-exchange, like in-person or via a trusted courier (which is what the certificate-authorities are supposed to be).