Unless your tinfoil hat is nailed firmly to your head, and you're worried about state-sponsored CA attacks that break HTTPS; or if you're running code from a site you don't trust, for... some reason.
No tinfoil hat needed here. Not only states can compromise CAs, scriptkiddies and hackers can too. As every CA can produce a certificate for every site, only one has to be weak/exploitable and you're screwed.
HTTPS is no replacement for proper code signing and checking. The hacker of the latest CA fiasco also produced a certificate for "plugins.mozilla.org", for example.
