And what are the ways to bypass such attack when using silent payment?
If Alice and Bob communicate through a secure transfer protocol, such as with SSL certificates, then MITM attack becomes more difficult to execute. And they should, with or without silent payments. Otherwise, their internet provider and the server they use to communicate can de-anonymize them.
Let's say TPB accept Silent payments. Someone sends them a donation, which confirms on-chain. Nobody else can know TPB is the receiver, because they can't know which on-chain address belongs to their Silent payment.
So why they don't just generate a brand new address in each refresh, for each visitor?