[nebulous1]

Why would that be better though? How are you going to verify the contract that the deployed contract is deploying? How are you even going to verify what message you're sending to the already deployed contract (assuming the user isn't technically knowledgeable). You can have a third party (etherscan for instance) verify the contract after it's deployed. My main point here is that this is a complicated system, and there's only so much somebody who doesn't really understand the basics can be protected from it.

Even the web example you gave isn't as simple as it first appears. Just because you fill in a form with certain details doesn't meant that's what the page is actually sending to the server. Most of the time this isn't an issue, as you "trust" the page you're on not to fuck around.

[albertgoeswoof]

> Even the web example you gave isn't as simple as it first appears. Just because you fill in a form with certain details doesn't meant that's what the page is actually sending to the server. Most of the time this isn't an issue, as you "trust" the page you're on not to fuck around.

This is what blockchains bring, you don't have to trust the web page any more. With a dApp you know exactly where that form is going and what's going to happen, with the web you only know a POST request is outgoing somewhere and hopefully it'll be handled correctly. It's not something that's easy to understand yet, but one day it might be.

> How are you going to verify the contract that the deployed contract is deploying?

Go and look at it, compile + compare the source etc.