Thats not surprising in the least bit, In fact if you're really paranoid you can assume most of the signing authorities have given up some of their private keys....
As a non-crypto-literate web denizen, does an individual (in this case, governmental organization) possessing the "root" CA private key mean they can decrypt messages that were encrypted by derived 'child' certificates/keys?
I might be completely off base and confusing certificates and keys here, though...
Having the private key of a trusted root CA lets you create leaf certificates (or intermediate CAs) that your computer will trust implicitly (because the root is trusted). This would allow someone to man-in-the-middle your connection to, say, gmail (with help of your ISP) and you would not be able to easily detect it.
Gibson Research Corporation created a page that shows the real signature for some common websites (and lets you check any site you want). You can then connect to them and view the signature in your browser and compare them. This is what you would have to do to know if you were being MITMed with a "real" certificate.
If you ever listen to Security Now, you'll know that Steve has real issues personally with the scammy SSL system. Hongkong Post is always used as the example, but check your root cert list sometime. You'll see all sorts of entities that your browser implicitly trusts and you will have absolutely no idea who they are.
You don't, really. You would need to download the details for services you care about now, and hope they're not already compromised, and compare offline at a later date when you fear they might be.
