The fact that it's "purchased" has nothing to do with it. The important part is a "trusted" third party (note my use of quotes). Without authentication, the guarantees of confidentiality and integrity are pretty much empty.
(In fact, I would argue that free certificates from Let's Encrypt are more trustworthy since the ACME protocol drastically reduces the surface area for attacks on the verification process. See slides[1].)
(In fact, I would argue that free certificates from Let's Encrypt are more trustworthy since the ACME protocol drastically reduces the surface area for attacks on the verification process. See slides[1].)
[1]: http://www.thedotpost.com/2016/10/matthew-holt-go-with-acme