Even in that case, the certificate is "a" weak link, not "the" weak link. Think through what would have to fail to pull off a steal-bitcoins attack in the multisig-wallet case:
1) User has to be directed to an attacker-controlled payment website. That means either DNS lookup is compromised or the user's connection to the Internet is compromised (weak link number 1).
2) Attacker serves up a signed PaymentRequest with a valid certificate signed by a compromised root certificate authority (weak link number 2).
If the attacker can accomplish (1), it is likely they would just serve up unsigned payment requests from a non-secure website and bet that the user doesn't notice the lack of a padlock in the web browser UI and agrees to pay to an unauthenticated bitcoin address.
In any case, I wouldn't say the root certificates are a single point of failure.