The idea of send by DCC is to simplify.
It's not like put 1000 USD over a rock, the attacks are "theoretically easy" but on practical not, unless your ISP attacks you... but if it does so, why not attack your bank account instead? Except maybe for cable access where your neighbor can sniff you.
This bitcoin.org:
[email protected] is about as practical as nothing. What would be the simplification-add of such? Try to say to someone over the phone your BC address on such manner.
Let's do one thing, right: PUT TOR ASIDE. One thing is using BC for anonymous payments / OTHER is to make non-anonymous payments.
If you're up to do anonymous payments, that's already sorted: Use BC address and that's it.
It's then a matter of choices, if for security reasons you feel more confortable with it disabled, do it like: Disabled by default / Enable if you want and know what you're doing.
Someone could hijack my site and show another BC address-Someone could hijack your site and show another PayPal email also. Defacings aren't however easy to do, you don't see sites defaced everyday.
Someone could hijack DNS to resolve to something else-Someone could hijack your bank's login and make you pass over your password to it... again DNS hijack/spoof isn't also that easy to do. Theoretically (again) it is, but that would be if you were using some bogus Nameserver. If you use your ISP defaults it would be rather complicated. And if someone invaded your PC to make it change DNS's, then that same one would open your BC Client and send all your BC's to his address.
So, in the end, my proposal is:
Split the "project idea" in two different (way different) branches:
1 - Anonymous payments - Using BC Address exclusivelly
2 - Non-anonymous (regular) payments - Using BC Addresses OR DCC.
It makes no sense at all to use Tor arguments over branch 2.