What if someone created a browser hijacker, malware plugin, or some other type of malware that replaced any detected bitcoin address on a web page with the attacker's bitcoin address?
That seems scary, and almost too easy.