I'm not developing the co-op based on the assumption that domain validation can be wholly automated -- but it can be automated for the 99+% of domains that don't try to phish people. I'd say the degree of phishing certificate requests made via the co-op will be lower than the "general population", simply because only members can request certificates. That isn't to say that the CA's policies will be any less stringent because of that, but I don't expect to be spending all of my day clicking "reject" on shady CSRs.