If an attacker can change public keys, he can steal funds instead of monitor the transaction. That's the same result as an attacker who changes the Bitcoin address.
Yes, but I guess what @oryhp says is that if you communicate without a secure connection you can't be sure there isn't someone spying on you without you knowing it. Sure, he can take the money, but what's more valuable? Depends on your threat model. 
I was thinking the same thing. Maybe because creating a new address for each visitor means they have generate and monitor millions of addresses.
You only need to derive millions of addresses from one master public key, and save those with a balance.