. . . if your bank sends you sensitive information in emails or allows online banking without HTTPS, then there is something dreadfully wrong with their security and you should withdraw all your money immediately and take it somewhere else... before someone else does . . .
. . . Please re-read the original post. This question has nothing to do with modifying Bitcoin transactions, it is about modifying Bitcoin addresses as they appear on a webpage, before a transaction is made in order to trick users into sending coins to the attacker's address . . .
I'd say the same should be true about this second point as the first.
If someone sends you sensitive bitcoin information in email or allows online access to sensitive bitcoin information without HTTPS, then there is something dreadfully wrong with their security and you should refuse to do business with them and take your business elsewhere.