Let's Encrypt going down isn't equivalent to a rant about how encryption was a terrible idea from the very beginning and we should all just use unencrypted traffic.

Kind-of. But there are worse things than outages when it's PKIs we're talking about. DNSSEC is also extremely opaque and unmonitored. Any compromise will not be noticed. Nor will anyone have any recourse against misbehaving roots.

Fun fact, CloudFlare has used the same KSK for zones it serves more than a decade now.