I don't know what your threat model is here, but if you believe the NSA can suborn any CA trusted by your user's browser, then the question of which CA you use is moot. (Modulo something like certificate pinning, which helps if your advertising company that runs an enormous popular mail service also happens to develop a popular browser.)
Assuming that an adversary can get one suborned CA to sign a certificate for your domain, the adversary can use that certificate to MITM first connections to your site without causing any sort of warning message within the browser. They can then both sniff and alter messages going in either direction, including e.g. stealing credentials, cookies, and what have you.
It should be noted that certificate pinning is only effective if you can trust the origin of the certificate at the time it is pinned. IMHO Google is only pushing for something like this because of the Iran incident[0] where a hacker (possibly the Iranian government) coerced a Dutch CA into providing a compromised certificate for Gmail. It won't do much for stopping the US government, who is already in a position to coerce CAs before pinning is implemented.
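Added example, not part of the thread: a minimal pin store in Python that contrasts a pin learned on first use with a pin shipped in the client, for the case where the first connection presents a chain from a mis-issued certificate. The hostname, key blobs and function names are hypothetical; the byte strings are constructed stand-ins for DER SubjectPublicKeyInfo data, and the chain is assumed to have already passed ordinary CA validation.

```python
import base64
import hashlib


def spki_pin(spki_der: bytes) -> str:
    """HPKP-style pin: base64 of SHA-256 over the DER SubjectPublicKeyInfo."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


class PinStore:
    """Maps hostname -> set of accepted SPKI pins."""

    def __init__(self, preloaded=None):
        # Preloaded pins ship with the client, obtained out of band.
        self.pins = {h: set(p) for h, p in (preloaded or {}).items()}

    def check(self, host: str, chain_spkis: list) -> str:
        """Return 'ok', 'mismatch' or 'pinned-on-first-use' for a CA-valid chain."""
        seen = {spki_pin(s) for s in chain_spkis}
        known = self.pins.get(host)
        if known is None:
            # Trust on first use: whatever chain shows up now becomes the pin.
            self.pins[host] = seen
            return "pinned-on-first-use"
        return "ok" if known & seen else "mismatch"


# Constructed stand-ins for DER SPKI blobs (not real keys).
SITE_KEY = b"constructed-spki:legitimate-site-key"
ROGUE_KEY = b"constructed-spki:key-in-misissued-cert"
HOST = "mail.example"  # hypothetical hostname


def first_contact_intercepted(store: PinStore) -> list:
    """First connection presents the mis-issued chain, the next the real one."""
    return [store.check(HOST, [ROGUE_KEY]), store.check(HOST, [SITE_KEY])]


def tofu_outcome() -> list:
    # No prior pin: the mis-issued key gets pinned, the real site then fails.
    return first_contact_intercepted(PinStore())


def preloaded_outcome() -> list:
    # Pin shipped with the client: the mis-issued chain is rejected at once.
    return first_contact_intercepted(PinStore({HOST: [spki_pin(SITE_KEY)]}))
```

With no prior pin, the store records the mis-issued key and later rejects the legitimate site; with a preloaded pin, the mis-issued chain fails on the first connection.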