Indeed. Detecting a potential MITM is useless if you
can't determine if
it's real or not. For instance the switch from RapidSSL to DigiCert
certificate was quite suspicious.
I don't know how to best publicise it, though. I suppose we would list
them somewhere like
https://secure.wikimedia.org/servers.html but if
nobody knows it's there...