In the case of a properly implemented nym->address system, a MITM attack couldn't spoof an address because he can't forge a signature.  This would work especially well if a nym's pubkeys were registered in a system like Namecoin.