Their CA status is not at risk, was never at risk and will not be at risk in the future. Mozilla has made their stance clear that once you are in, you will never be removed (unless you were compromised, at which point they'll happily add your new CA).
I'll certainly not claim that we can magically make TLS work by starting to enforce the requirements we put on CAs. But we should call Mozilla out for their strongly worded letters and other nonsense to get some momentum for better solutions. The first step is admitting you have a problem.
True that they went bankrupt, but they filed on Sep 20th 2011, and the Mozilla decision to permanently remove them was a week prior or at least on Sep 2nd 2011; thus "unless you were compromised, at which point they'll happily add your new CA" is not correct.
EDIT: To clarify, this is the phrase that we seem to be arguing about:
Complete revocation of trust is a decision we treat with careful consideration, and employ as a last resort. (from the Mozilla Security Blog link above).
They were effectively out in the cold, not "in once you're in" after the incident.