Re: For a website taking payments with bitcoins, better: IP or bitcoin addresses?
Leave Tor aside, that would be more "Man in the Center" rather than "Man in the Middle". 
As for the attacks on websites with BC addresses, you may deface them, and you may spoof even without the server's Private Key. Normally people don't look to the CA, so as long as the CA is recognized it will ring no bells - and within this "world", specially for Tor users, Verisign Certificates aren't the normal thing, but CACert and other free services alike (means also many users are already used to press "Continue" on invalid certificate flags).
If by anymeans you got the server's private key then it doesn't make no difference, for your browser that Certificate is signing that address and, as far as DNS can tell, that server is there.
Edit:
To not mention the obvious: If you know the destination's IP Address why on Hell you would need to use Tor to pay?? And if the address would be something like .onion then you wouldn't need SSL, because inner Tor data is already crypted.
As for the attacks on websites with BC addresses, you may deface them, and you may spoof even without the server's Private Key. Normally people don't look to the CA, so as long as the CA is recognized it will ring no bells - and within this "world", specially for Tor users, Verisign Certificates aren't the normal thing, but CACert and other free services alike (means also many users are already used to press "Continue" on invalid certificate flags).
If by anymeans you got the server's private key then it doesn't make no difference, for your browser that Certificate is signing that address and, as far as DNS can tell, that server is there.
Edit:
To not mention the obvious: If you know the destination's IP Address why on Hell you would need to use Tor to pay?? And if the address would be something like .onion then you wouldn't need SSL, because inner Tor data is already crypted.