This problem isn't limited to Bitcoin, and applies to any kind of financial transaction conducted over an insecure channel, which is exactly why you're supposed to always use HTTPS for financial transactions. I thought everyone knew that already?
I think every message is signed with the private key. You can not modify it.
True, you cannot modify a transaction after it has been sent, but the question is about changing a bitcoin address as it appears on, eg, a store's webpage, in order to trick users into sending coins to the wrong address.