They're still free, whereas no other company (at this time) will give you a free certificate for a single subdomain year after year. If you are using so many subdomains that generating the CSRs and pasting them in StartSSL's CSR field is too much work, then maybe a paid wildcard certificate is the better solution for you. But as long as you can count the subdomains that need a certificate on one hand, I'm not going to pay some other company $50 (maybe more? not sure) for something that takes me less than half an hour per year.

1 company where it's kinda sorta not-so-hard to do SSL is not good enough. If we're going to go HTTPS-only it needs to be as close to as easy to get them as it is to install apache on your old laptop and serve some html you wrote.

What irks me is that the biggest HTTPS-only advocates (mostly Google employees) simply do not care about this problem. They do not address it.