Is macOS installing known bad Certificate Authorities by default?

Today I was checking out macOS security and privacy guide, and when I looked at my keychain, I was surprised to find Startcom CA and Symantec CA trusted by default. Isn’t this supposed to be vulnerable to MITM? Snapshot of my keychain after manually diabling two notorious CA