Jason wrote:
because the admins can go around to every computer and download the self signed cert and install it in the computer's "trust store". Obviously a lot of manual work...
Admins never go around every computer, they are too lazy 
GPO can deploy certificates automatically. We do this, and we use self-signed certs internally. Though, i still have to do a lot of foot work daily.. Not a high level admin yet 