Thanks for a good response, this explains quite a bit. What prevents you (the central server) from changing addresses before relaying the address to the wallet? Others might be unable to MITM, but you would be able to from what I gather, as well as anyone with access to your mailservers.
Data are digitally signed. It's impossible to change the content without re-signing the message.
Tomorrow we'll update the Security Description of the HODLER Wallet.
Digital signing takes way more than 255 characters of length. With your supposed setup, no one would be able to use the email setup, as the signature + email headers would already exceed the 255 max. You can't decrypt and verify on your mail server either, as the client would have to trust that your mail server hasn't tampered with anything, which would ruin the encryption.
Mind getting FL4RE to answer this? He seems more technically capable than you (no offense, I assume you're in marketing or something).