The classic manual method of cert pinning is not feasible for more than a handful of large sites, because each browser that supports it has to update its own pin list.
Google adds a whitelist of public keys to Chrome upon request, only for high impact sites. Firefox does the same, with a different list. Safari doesn't support it at all. IE supports it in a useless fashion.
This is totally unworkable in the long term. Broader support also opens it up to smaller (less savvy) sites who will inevitably get bitten by a lack of foresight. "Oh, I only authorized GoDaddy and now I use Entrust...". However, set too broad a list and you've just given an attacker a list of targets to pick the weakest link from, possibly not dissimilar from choosing a target amongst "all CAs clients support".
The manual method is not the only way, and it's always been apparent that it was not the end game. HSTS and HPKP are important steps forward, and support is decent. As always though, IE is a useless impediment to progress.
To give a real example, CryptoCat managed to commit pinning suicide recently. They requested a pin in Chrome and then their CA's intermediate expired, meaning they had to reissue the cert .... but failed, because Chrome rejected the new cert. They had to wait for the next Chrome version to recover and basically had a multi-week outage because of it.
Pinning eliminates CA's by eliminating the agility they provide. Not inherently an awesome deal.
You really need at least one alternate (from a different company!), even though that reduces security. 2 is still better than 150. I'm surprised that Google would accept a one hash pin, but I guess they'll let you shoot your own foot off if you want to.
The other side of that is you must actually be able to issue certs from that other CA. If you have to wait for your account to get set up and verified, you've lost.
Pinning is an unscalable hack around the core problem.