Oh, sure, some may know enough and care enough to do something about it, change browser, change root certs — whatever is needed. But this isn't about them, this is about society at large. This is about whether your mother, your father can use their webmail account without being spied on: would you want all your emails to and from them available because of a MITM attack on someone who is not you? (I realise email is not a great example, with emails typically being transmitted in plaintext between SMTP servers, but is reasonable in the generic digital communication sense.)