... once sites are using it. As of now (early 2014), nobody is using it, but we should keep an eye on where this is going.
E.g. Facebook pins one of its intermediate certificates or root certificate for a certain time span, and within that time span, Qt would only accept these certificates. This means that a man-in-the-middle attack with a stolen certificate (like Comodo etc.) would fail.
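The pinning check described above, sketched as an added example that is not Qt code or part of the original text. `PinStore`, `PinEntry` and `PinResult` are hypothetical names, the key hashes are opaque constructed strings, and times are Unix seconds.

```cpp
#include <algorithm>
#include <cstdint>
#include <map>
#include <set>
#include <string>
#include <vector>

// Added illustration; PinStore and its members are hypothetical, not Qt API.
// A "pin" is an opaque string standing in for the hash of a certificate's
// public key; real values would be computed from the certificates.
struct PinEntry {
    std::set<std::string> pins;  // pinned intermediate/root key hashes
    std::int64_t expires;        // end of the pinning time span
};

enum class PinResult { NoPin, Match, Mismatch };

class PinStore {
public:
    // Record the pins a host announced, valid for maxAge seconds from now.
    void remember(const std::string &host, const std::set<std::string> &pins,
                  std::int64_t now, std::int64_t maxAge) {
        entries_[host] = PinEntry{pins, now + maxAge};
    }

    // chain: key hashes of the presented chain, leaf first, root last.
    // The chain is assumed to have passed ordinary CA validation already;
    // pinning is an additional check on top of that.
    PinResult check(const std::string &host,
                    const std::vector<std::string> &chain, std::int64_t now) {
        auto it = entries_.find(host);
        if (it == entries_.end())
            return PinResult::NoPin;
        if (now >= it->second.expires) {  // time span over: pin no longer binds
            entries_.erase(it);
            return PinResult::NoPin;
        }
        const std::set<std::string> &pins = it->second.pins;
        bool hit = std::any_of(chain.begin(), chain.end(),
            [&pins](const std::string &h) { return pins.count(h) > 0; });
        return hit ? PinResult::Match : PinResult::Mismatch;
    }

private:
    std::map<std::string, PinEntry> entries_;
};
```

A caller would abort the connection on `PinResult::Mismatch` even though the chain is otherwise valid, which is the case of a certificate issued by a different CA than the pinned one.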