[raghava]

Yes, I understand that BITB+MITM is a huge risk. But my point was that most who want to run BITB won't typically have the means to run an MITM along with it. (unless 'MITM within a browser' becomes a reality!)

I was trying to say that the dynamic security element helps in filtering at least the most common kind of attack, which otherwise leaves consumers to bear a very large risk.

[noodlesUK]

Perhaps this is the thing that I don’t understand. Why wouldn’t an attacker have such means? This attack isn’t something that requires control of the network, it’s just a fantastic way of producing a lookalike page.