[gnaritas]

SSL is unnecessary for accepting Bitcoin payments, there's no reason at all for SSL to be used on this site.

[icebraining]

What if I MITM the site and replace the seller's address with mine?

[zferland]

that typically would be a concern, but our first version is built only with a Coinbase integration, and all payments are handle through their merchant services and their payment iframes. Once we implement our own payments we will have to handle this appropriately.

[icebraining]

What if I replace the iFrame URL with an URL of a cloned page? How can the user be sure that it's really Coinbase's form?