There are security implications with sending payments to a 'hostname' instead of an internet address. TCP is difficult to forge, however DNS is trivial. It is not a good idea to send payments to a hostname. Whether it is an oversight or intentional, it probably should not be used for anything where fraud is a concern.
Here's something I quickly googled up for anyone interested:
http://adventuresinsecurity.com/Papers/DNS_Cache_Poisoning.pdfIt is not even really an attack, it's just how it works.. This is why once people figured out that DNS was unreliable, things like .rhosts for rsh went out of style and ssh uses public keys instead. It still does some DNS checking to see if the key changed, which could indicate that the DNS has been used to divert your connection to another host.
It is very easy for me to make your computer think that someone-accepting-bitcoins.somedomain.sometld is MY computer, especially if I know you will be sending payment to it.. however if somedomain.sometld is some popular well known service like an exchange, I can just go trying to poison every bitcoin user's cache randomly and see how many I get. I know every node's network address so I can figure out who their provider is, thus I can easily narrow down which recursors they're likely to be using, so it makes attacking it a lot nicer rather than blindly messing with a bunch of random resolvers that may or may not have any effect.
Many internet DNS servers will just accept any random data you send them, though there have been attempts to patch these things and work around some of the really trivial attacks. In the end though, it is the DNS protocol that's at fault and it is not easily patchable without replacing it. There are things in the works to make the protocol more secure and such, but until it's adopted by the entire internet, there will always be places to mess with it.
It is not even a good idea to send payment to an internet address in my opinion, because the way it is implemented in bitcoin right now, you don't know if you connected to the right node. There is no pre-shared password or public key to verify manually. While it is not feasible to take over an existing TCP connection, it is possible to use NAT to divert it. In this case the attacker would have to have control of a router along the way to your destination, but in the case of Tor anyone can run an exit node and just accept all the bitcoin payments.. it's really easy to do that because they're all on port 8333 so I can just DNAT every connection to 8333 to my own bitcoin host.
Just don't use hostnames or internet addresses - use bitcoin addresses.