They are not the only CA that issues certificates for free. For example, AlwaysOnSSL[0] was on HN a few days ago[1], with some important differences (as pointed out in the HN comments)
I'd be interested in seeing a specific law or case where that sort of thing was illegal. Lying by itself isn't illegal (in the United States at least, i dunno about elsewhere)
But sniffing probe requests doesn't get you much. You get a list of SSIDs they've seen, which could be potentially bad, but not nearly as bad as insecure sites not being marked as such.
Since we're listing issues with K9: It's pretty easy to setup if you know what you're doing, but the lack of any sort of autoconfig for non-Gmail mail servers make it very difficult to give it to a normal user and have it just work. Thunderbird has a standard autoconfig file to do this, and there is an open issue on K9 to add support for the same format, but it's been open and stagnant for years[0]
Required maintenance for a simple, static https site: Install certbot, press enter a few times, forget about it.
"keep a cron job running" sounds like it you're running the cron job by hand.
>Even the top 100 sites are only at 80% https by default, and they do it for a living!
That's entirely separate from your "simple, static site" example and yes, rolling any sort of large change out to a big site is a big deal, and if there isn't business motivation to do it it likely wont happen. Google is providing everyone a business motivation by threatening to point out to users that insecure sites are insecure.
[0] https://alwaysonssl.com/
[1] https://news.ycombinator.com/item?id=16566031