"...innocent until proven guilty - an important cornerstone of justice."
Uh, no. "Innocent until proven guilty" is a founding principle of the American criminal justice system, which is not the same thing at all. Indeed, American courts use "a preponderance of the evidence" in civil cases. Why this difference? Because hypothetically the government wields enormous power over the judicial system that it may abuse without strong safeguards. In lawsuits between private parties, it is assumed that the parties have equal access to the judicial system. This is often a poor assumption, but there you are.
The relevance here is that the case of CNNIC is much more like a civil case than a criminal one, and really not like a court case at all. The Mozilla Foundation, a private party, has to try to evaluate the trustworthiness of CNNIC, a quasi-governmental agency, in order to decide about access to the public software that they control. IMHO, an "innocent until proven guilty" rule would be not just wrong but dangerous in this situation. The burden of proof should be on CNNIC, who should provide evidence that they are operating their CA in a safe, responsible and aboveboard manner. In other words, CNNIC (and everyone else) should be denied access to Mozilla's CA cache if there is "any substantial possibility" that they will abuse this access. This is a strong standard, but it would make me feel safer.