@s{quotedtext}
@s{quotedtext}
Ahh, right, I see; I hadn't thought through the mechanism of the pay-via-IP-address functionality.
That brings up another possible man-in-the-middle attack for HTTP connections:  if you see a Bitcoin address on a non-secure web page, you can't be sure that you're seeing the correct address (a man-in-the-middle might have replaced it with THEIR Bitcoin address).  And ditto for sending your Bitcoin address to somebody to request payment (e.g. send it via email or in your forum signature and it might get replaced before being displayed to people who want to send you money).