I think a website with a form on it that involves transferring any sum of money around should pay hundreds of dollars per year to certificate authorities.
Not every building needs to implement the security measures of Fort Knox. That doesn't mean that the security measures in place at Fort Knox shouldn't exist.
There should be a quick, visible way for a user to tell the difference between a connection that is merely encrypted and one where the identity of the certificate owner has been vetted. Then the user can decide for any given form whether they are comfortable sending that data over that kind of connection.
Sometimes, the alternative to companies paying hundreds of dollars per year is customers losing millions.