Yes, and that is likely the best solution for those who know enough to enable it. Unfortunately, not many casual users are aware of the need for this, and could stand to benefit from protection from the "casual eavesdropper" (http://revolutionwifi.blogspot.com/2010/11/firesheep-fallaci...).
A lot of casual users aren't aware of HTTPS, either, and don't ever need to 'enable' it. It just works. The infrastructure for it is rather centralized now, of course, but it doesn't have to be that way.
For the most part, I agree. I was thinking about services like Facebook where the user has to take the initiative. But it would seem these are becoming the exception.
You're right; exploring a web of trust rolled into this would be interesting.