
Alternatively, use Caddy as an HTTPS server. It requests the certs from Let’s Encrypt for you, for all domains that you configure it for.


You don’t know what state actor is running it though.


Let’s Encrypt is good enough to protect you from ISP malfeasance and script kiddies on your public wifi.

But if your threat model includes nation states then Let’s Encrypt should only be one part of your defense-in-depth strategy.


It literally does not matter for you if Let’s Encrypt is run by a hostile entity. They never get your private key, they only give you a certificate saying your key is valid.


Would anything nefarious be made possible by them granting someone _else_ such a certificate?


Sure, but LE could always do that, even if you don’t use them. So that is still not a reason to avoid using them.



