...implies that PayPal sucks (as if we didn't already know that) and that if your bank sends you sensitive information in emails or allows online banking without HTTPS, then there is something dreadfully wrong with their security and you should withdraw all your money immediately and take it somewhere else... before someone else does. 
The thief can modify the "paypal donate button" on the website which is not using SSL to protect it...
Yes, it is a problem for bitcoin(a P2P coin). There is no "complaint process" like paypal.
Only the bitcoin address on the HTTPS site is trustable. I think most of people(include me) do not aware about this. Thanks for your post!