[joshd]

> Right now, users are "trained" (to dignify what's happening) to look at the browser URL bar for a name and a lock icon.

If only that were true.

A payment gateway I stumbled across the other day (http://www.centricom.com/flashdemo/POLi_demo.html) gets the user to download an application which they use to log into their bank from. The intro video instructs the user to check the address bar and the lock icon in the fake browser they've just downloaded. The best part is that the payment gateway goes through all this so they can edit the HTML of the users bank and inject payment details.

One of the Australian airlines is pushing this instead of Paypal, and it's getting real world use.