by lorenzhs 3911 days ago
You can verify fingerprints (manually or via QR code, example screenshot: https://info.securityinabox.org/sbox/screen/textsecure-en-1/... ) if you're concerned about MITM. You will be warned and need to manually accept the new key if a person's key changes.

Your "proper way" requires people to actually meet before they can begin a conversation, which greatly limits usability (you couldn't even test the app without a friend sitting next to you - who would keep an app they can't even try out on their phone?).

1 comments

Yes, using a central server should be possible, but the application should ask you whether your friend is with you and if you say yes, it should use the QR code/NFC method instead (which also has the advantage of working with people you just met and haven't otherwise added to your contacts yet).

If you say no, it should clearly delineate how an attack could take place and advise you on how likely it is.