This is more of a generic PHP question.

I have been reading a lot about validated-by-a-trusted-Certificate-Authority VS self-signed certificates and FF3. But my question is then what is the alternative ??? If you dont agree to pay the CA, then you have no way to feel secure!!!! Then how do all the big banks and commercial institute do it (apart from buying the cert from CA) what extra security you can impose to secure the connection with PHP ? (there you go that makes it a PHP question