Exchangers build reputation on forums, safeorscam and word of mouth for successful transactions.
Safe escrow like what Exchangezone.com uses is the best idea for large transactions, but who's to say they won't disappear one day and take all the escrow with them
Adobe (or the CA rather) sends you a 3rd party hardware module they didnt create that generates its own keypair and then you submit a CSR and the CA signs it after the fact just like SSL. You could buy your own crypto module all the same if you didn't trust theirs, they are very generic, and arrive blank. (safeNet Rainbow iKey).
No one not adobe nor even the CA ever sees or possesses your private key, it doesn't exist until you generate it yourself. Though I am very interested in learning about how one might obtain a fake cert that Acrobat trusts. (obviously anyone can self sign a cert... Just like with SSL it won't be trusted). Absent proof, I consider it FUD