londons_explore 11 hours ago
Certificate transparency effectively means that any government actually uses a false certificate on the wider web and their root cert will get revoked. Obviously you might still be victim #1 of such a scheme... But in general the CAs now aren't really trusted anymore - the real root of trust is the CT logs.
PunchyHamster 9 hours ago
> Certificate transparency effectively means that any government actually uses a false certificate on the wider web and their root cert will get revoked.

The ENTIRE reason the short lifetime is used for the LE certs is that they haven't figured out how to make revoking work at scale. Now if you're on the latest browser you might be fine, but any and every embedded device has its root CAs updated only on software update, which means compromise of a CA might easily get access to hundreds of thousands of devices.