If you set it to a more compatible mode and accept both, the malware could simply strip the payment protocol and pretend the merchant doesn't support it and request that you pay using the plain old Bitcoin protocol.
Hey, that's an interesting question, not really related to Trezor but to the payment protocol itself.
If you request an https page and receive an http one, your browser can clearly detect something's not right.
But how does that work with PaymentRequests? AFAIK they're pushed by the payee, not requested by the payer, right? What if a malware sees that an authenticated payment request is passing by, and simply replaces it with a non-authenticated one? If you know the merchant is supposed to send you an authenticated payment request, you'll realize there's something wrong. But can we really expect people to understand this?
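An added illustration (not code from Trezor or any wallet) of the downgrade point raised in both posts above: a wallet that accepts both signed and unsigned BIP70 PaymentRequests can at least pin merchants that have signed before, much like HSTS does for https. The PaymentRequest is modelled as a dict with the BIP70 field names pki_type, pki_data and signature; the `origin` key (the host the request was fetched from), the pin store and the sample requests are constructed for this example, and the actual X.509 chain and signature verification is assumed to happen elsewhere.

```python
"""Downgrade guard for BIP70-style PaymentRequests (added example, not
Trezor's or any wallet's code).  A request is a dict using the BIP70
field names pki_type / pki_data / signature plus a constructed 'origin'
(the host the request was fetched from, e.g. the r= URL of a bitcoin: URI)."""

STRICT = "strict"          # accept only authenticated requests
COMPATIBLE = "compatible"  # accept unsigned too, but pin merchants that sign

AUTHENTICATED_PKI = {"x509+sha256", "x509+sha1"}  # BIP70 pki_type values


def is_authenticated(req):
    """True if the request carries a PKI signature.  Chain and signature
    validation is assumed to be done elsewhere (hypothetical step)."""
    return req.get("pki_type") in AUTHENTICATED_PKI and bool(req.get("signature"))


def accept_request(req, mode, pins):
    """Return (accepted, reason) for a request under the given mode.

    pins maps origin -> True once an authenticated request was seen.  In
    COMPATIBLE mode an unsigned request is refused when that origin has
    previously signed: the 'strip the signature' downgrade from the thread."""
    origin = req["origin"]
    if is_authenticated(req):
        pins[origin] = True            # remember: this merchant signs
        return True, "authenticated"
    if mode == STRICT:
        return False, "unsigned request rejected (strict mode)"
    if pins.get(origin):
        return False, "unsigned request from an origin that signed before: possible downgrade"
    return True, "unsigned request accepted (compatible mode, no pin)"


def demo():
    """Constructed scenario: a signed request pins the origin; a later
    unsigned copy from the same origin is refused; strict mode refuses it
    regardless of history."""
    pins = {}
    signed = {"origin": "shop.example", "pki_type": "x509+sha256",
              "pki_data": b"<constructed cert chain>", "signature": b"<constructed sig>"}
    stripped = {"origin": "shop.example", "pki_type": "none",
                "pki_data": b"", "signature": b""}
    return [accept_request(signed, COMPATIBLE, pins)[0],
            accept_request(stripped, COMPATIBLE, pins)[0],
            accept_request(stripped, STRICT, {})[0]]   # [True, False, False]
```

The pin store only helps after a merchant has been seen signing once; the trade-off the first post describes (compatible mode still trusts an unpinned unsigned request) remains visible in the last branch of `accept_request`.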