What would happen to merchants that do not speak/use the payment protocol? If the Trezor is set to a "safe mode" and only accepts addresses that are verified using their associated X.509 certificates, it would be unable to pay merchants that do not use it. If you set it to a more compatible mode and accept both, the malware could simply strip the payment protocol, pretend the merchant doesn't support it, and request that you pay using the plain old Bitcoin protocol.
But I guess users will ask the merchants to support the payment protocol in order to feel safe buying there.