Indeed. It's rather shoddy engineering if you ask me. Consider that, for example, SSL certs are generated and the private key is never disclosed to the cert authority when purchasing a key. That way only the owner of the SSL cert can actually use it.
Not entirely sure that's correct either. One could use a Hardware Security Module, such as the Thales nShield Connect[1], which will keep the private keys secure (at least in theory).
Yeah, there are known and used alternatives - I'm working on a project right now where the ssl connections terminate at the load balancers. Rooting the web servers won't reveal those private keys. But I also know of many whm/cpanel servers each with dozens of cpanel accounts, around half of which have ssl certs. One ftp password sniffed customer/cpanel account is probably enough to lose root to a whm box, exposing all the local ssl keys...
Yup, that's how it works. The point I was making is that that's the only point of vulnerability, there is no way to gain access to every private key from some central point.
For example, let's say you collected a large amount of https traffic by listening in on wifi hotspots or such like, then you attacked a certificate authority and managed to gain access to everything they have. This would be very bad, but you wouldn't be able to decrypt the traffic you'd recorded because you still wouldn't have each of the private keys used. That's very different from the problem of RSA tokens. Gaining access to RSA's servers resulted in compromising every token. Decentralization is often key to security.