the discussion was about finding methods to prevent that, BIP70 with a correctly enforced certificate chain being one suggestion, in which the device can help (by enforcing said certificate chain)