This problem isn't limited to Bitcoin, and applies to any kind of financial transaction conducted over an insecure channel, which is exactly why you're supposed to always use HTTPS for financial transactions. I thought everyone knew that already?
I think every message is signed with the private key. You can not modify it.
True, you cannot modify a transaction after it has been sent, but the question is about changing a bitcoin address as it appears on, eg, a store's webpage, in order to trick users into sending coins to the wrong address.
In theory, every Bitcoin address received should be encrypted. However, in practice, this probably isn't going to happen. Just as an example, a lot of the sites here:
https://en.bitcoin.it/wiki/Donation-accepting_organizations_and_projects have their donation Bitcoin address on an unencrypted web page. If I tried to send a large donation to one of those sites, the Bitcoin address could fairly easily be rewritten upon page load.