You're surfing Amazon.com, and want to buy a book. You click on the "Pay with Bitcoin" button, but at some point a malicious factor in your system (or on the host site, Amazon.com for this example) replaces Amazon's tried and true Bitcoin address with it's own, trying to force you pay to the hacker instead to Amazon. Bad for Bitcoin, bad for the client, and bad for Amazon.
I don't think this is a failure case against which technology can secure. If you're running malware on your computer, any ability to secure your Bitcoins is out the window. If Amazon, heaven forbid, has malware on their servers, that's the end for them. Even today, either of those situations would at the very least mean your credit card gets stolen.
I have a feeling that this is very related to the "DNS-like map string to bitcoin addresses" issue - it's one problem that compliments another, and it the click-to-pay requires you to have some kind of verified address that you can identify before making a payment.
How about
address signing? If you're running an online storefront, you probably already have an SSL certificate from one of the big CAs. Use that key to prove control of the address, and the only checking that needs to be done is a glance at the blockchain to make sure that the keys match up.