This is the real answer. While I of course support hardening security, I have to think that Google has other motivations by introducing these restrictions on the system cert store. There are legitimate use cases where you want to MITM yourself (or your employer). This combined with cert pinning combined with use of encrypted DNS (which is definitely not a bad thing in and of itself) means that Google is going to keep having access to useful tracking data.