What I meant is I go and find an output on the chain that the un-upgraded merchant will see as a NOP/always-valid. Then I send him a transaction that connects to it and then a regular old-style output that uses the address the merchant gave me. I find the merchants IP address (maybe the node is running on the web server) and send them the transaction. They "verify" it and discover the input script satisfies the output, which causes them to believe that they received money.
Right, that was one of the lessons learned from BIP16-- transactions redeeming non-standard inputs aught to be treated as non-standard. And they are, as of v0.6 (I think, I'm really good at forgetting when changes were introduced).If the merchant is using stock bitcoind, then the non-standard transaction won't show up in their wallet until it appears in a block with 1 confirmation, making the security downgrade non-existent (it becomes a variation on the Finney attack).