The "profitable business" only has to last until it's paid for its purchase, and not even that long if you believe you can sell it to a bigger sucker. SSL CAs are in the picture for at least one more generation of browser technology (say, 10 years), but longer term they're dead by their own hands. Since nobody in the stock market has apparently heard of periods of time longer than a quarter that doesn't matter for Symantec.
But anyway, CAs are not solely in the SSL market. For SSL there was a competitive market, and technological pressure to innovate the CAs out of existence. The walled gardens are a much better opportunity. Typically the walled garden owner agrees a monopoly deal with you, the CA, where either they bundle your certificates with an SDK or their ISVs come to you separately to buy one, say once per year. The owner takes a slice of the money, you spend a slice more on overheads and the rest is clear profit with zero risk of being undercut by desperate competitors. Even if something goes wrong, the walled garden owner is in more trouble than the CA and will spend money on both PR and digging its way out, they're unlikely to offer the CA as scapegoat if they think they can still fix it, and as we've seen with SSL, you can just insist that whatever happened is "in the past" (when else would it be?) and won't happen again.
So expect Verisign SSL to still be there in ten years, but with SSL certificates as a very small part of the business, hardly mentioned in any financials and largely forgotten by the general public.