Thanks to Snowden & Bruce Schneier, we now know the answer. secp256r1 has an NSA backdoor - see
http://www.linuxadvocates.com/2013/09/is-openssls-cryptography-broken.htmlSo - while a backdoor is not really a "honeypot" this is the best answer:-
* NIST has made an intentionally poor suggestion to use secp256r1, so it acts as a honeypot. they have found that Koblitz curves are actually more secure than the random ones.
* Satoshi had information which led him/them to believe that secp256r1 was indeed a honeypot and that secp256k1 was the better choice for real security