Not really; self-signed certs prevent non-resourceful actors (to use your phrase) pretty well too, well enough that I don't care about the difference for the vast majority of my traffic (how many sites do I actually trust more than I trust some rando pretending to be them? Not many, and those few are the only ones where 3rd-party verification gives me any useful information). If we decoupled the need to just encrypt transport (which is easy) from the need to verify authenticity (which is hard), we wouldn't need so many CAs to begin with (because far fewer sites would need them) and stuff falling through the cracks like this would be both less likely and easier to spot.