The reason you can trust all those CAs is because Certificate Transparency makes it very likely that misissuances will be caught, and a CA that screws up and fails to credibly ensure that it won't happen again will be distrusted be browsers. The chance that the particular domain you're interested in will be the one that gets a misissued certificate before that happens is really quite low. It's not a perfect system but it works surprisingly well in practice.