Almost forgot to mention, we get around an accidental replay attack (i.e. a double charge) by only allowing a one-time spend to a single address when funding a "send me money" request. We can also limit it so the same amount can only be charged once per day or something. Both of these options would be up to the wallet implementer/maintainer to enforce.
The modifications I'm making at the present time mean that the merchant would tie a unique transaction to a one-time-use bitcoin address. This will invalidate the signature hash on the "send me money" message and thus make it much harder for someone to attack.
It would take a compromise from inside the merchant themselves to pull it off because an attacker would need to have captured the private part of the key, which is never broadcast and is only a transient variable stored in RAM long enough to calculate a public key and sign the message. To attack this way you would need to have wire-level snooping between the POS terminal and the merchant gateway (such communications are supposed to be encrypted) or a completely compromised gateway to pull it off (not impossible, but hardly easy).
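A wallet-side sketch of the two replay rules described above, as an added example that is not part of the original post or of any wallet's code. The request field names, the JSON canonicalisation and the sample values are assumptions, and the guard is assumed to run only after the merchant's signature on the request has been verified.

```python
import hashlib
import json
from datetime import date


def request_digest(request: dict) -> str:
    """Hash of the canonical request, i.e. what the merchant's signature would cover.
    Field names and JSON encoding are assumptions, not the post's wire format."""
    canonical = json.dumps(request, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


class ReplayGuard:
    """Each address is funded once; optionally one charge per merchant/amount/day."""

    def __init__(self, once_per_day_per_amount: bool = False):
        self.once_per_day_per_amount = once_per_day_per_amount
        self.funded_addresses = set()
        self.charges_seen = set()

    def decide(self, request: dict, today: date) -> str:
        """Call only after the request's signature has been verified."""
        address = request["address"]
        charge = (request["merchant"], request["amount_sat"], today)
        if address in self.funded_addresses:
            return "reject: address already funded"
        if self.once_per_day_per_amount and charge in self.charges_seen:
            return "reject: same amount already charged today"
        self.funded_addresses.add(address)
        self.charges_seen.add(charge)
        return "pay"


def demo() -> dict:
    # Constructed sample requests; addresses are placeholders, not real ones.
    first = {"merchant": "example-merchant", "amount_sat": 150000,
             "address": "constructed-address-0001"}
    fresh = dict(first, address="constructed-address-0002")
    day = date(2024, 1, 1)  # constructed date
    guard, strict = ReplayGuard(), ReplayGuard(once_per_day_per_amount=True)
    return {
        "first": guard.decide(first, day),
        "replayed": guard.decide(first, day),
        "fresh_address": guard.decide(fresh, day),
        "strict_first": strict.decide(first, day),
        "strict_same_amount": strict.decide(fresh, day),
        "digests_differ": request_digest(first) != request_digest(fresh),
    }
```

Because the address is part of the hashed request, a signature captured for one address does not validate a request that names a different one.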