OK, but you could also just run "dpkg-reconfigure ca-certificates" or use Keychain Access to mark undesirable authorities "Do Not Trust".
"If you still don't trust us, we encourage you to download the source, build it yourself and run the service on your own hardware."<p>Or you could just download debian's ca-certificates package and cat together all the .crt files you choose into a .pem. Much quicker & simpler.
Trust exactly who you want to trust... as you download certificates from a random person's server.<p>But seriously, great idea, but wouldn't this be better as a command-line tool installable via a package manager? At least then it could be audited.