
Will browsers start allowing self signed certificates though?


As long as you first create a root certificate then you can create as many certificates as you want.


Assuming non-chained root CAs remain trusted.

I can foresee the browsers eventually treating self-created CAs like they currently treat self-signed certs. If they're not traceable to a trusted root CA then there's no accountability, from a browser perspective, in the event of abuse or breach.


Then people will create their own root CA and use it to sign the existing root CAs. Whatever it takes. Corporate users need internal certificates.


Self-signed certificates are insecure, so, no.


Aren't they allowed already, with a click-thru warning screen? And you can also choose to trust them permanently, aka trust on first use.


No... web of trust is an important aspect to https.


s/web of trust/centralization/


s/centralization/validating ownership

Without centralization I can MITM at the coffee shop and steal passwords.


WoT would fix that, unless the other coffee shop patrons have (directly or indirectly) trusted you.


They should at least allow for local addresses



