By "X is more secure than Y" I mean that the set of attacks that work against X, is smaller than the set of attacks that work against Y.
A protocol that is protected against passive eavesdropping, is thus more secure than a protocol which isn't.
Arguing that self-signed-https is NOT more secure than plain http, is precisely analogous to arguing that ssh is not more secure than telnet.
Running active MITM-attacks is actually more difficult, more costly and more likely to be discovered than merely sniffing plaintext-traffic that passes by. Thus defending against passive listening-attacks, is better than doing nothing at all.
ssh is, infact, more secure than telnet.
I agree that Joe Public can't be trained to evaluate the danger of a changed certificate - but (and this is a big but) even if he cannot - how does that make him worse off, compared to http ?
Yes, true. Joe Public won't notice active man-in-the-middle attacks when the site uses self-signed https. But that is ALSO true of plain http.
The browsers, effectively, claim that "self-signed https is MORE dangerous than plain http"
If we where arguing which is more secure of externally-signed and self-signed, then we'd agree: externally-signed is better for foiling man-in-the-middle.
But that's not my argument !
My argument is that self-signed-https is superior to plain http. And thus it's insane to put scary warnings on it, which are absent from http.
http is WORST. self-signed https is BETTER. externally-signed https is *BEST*