To prevent MITM attacks against deposit addresses, we now sign a message containing a user's deposit address and their username. The bitcoin address used for signing is 1PVmqfC7GcpPVg5jTTGHuv49EwAB8tEqwM
Damn, TradeFortress, you are good - fixing everything in no time!
However, I am still surprised that you don't just do the HTTPS thing. It is easy and cheap, is it not?