I think the mytrezor.com site has the future vulnerability
If i right understood mytrezor.com site uses my xpub* keys for generating new addresses for receiving and checking balance (other way could be as user computer generates new addresses inside by javascript and only sends new addresses to mytrezor.com for balance checking but it's very difficult scheme). If hacker will have an access to victim computer (where Trezor to be attached) he can (by trojans, middle man attack with SSL certificate changing and etc):
1) to catch xpub* keys of users and will know all addresses (current and all new generated ones) of user, can know all balances in all addresses
2) He will be able to change address for receiving to his fishing addresses (right in browser instead mytrezor's generated addresses)
If it possible here may be some workarounds:
1) I don't know how resolve it. xpub keys should be used in computer in anyway - there will be mytrezor.com site or Electrum or Armory, for example. If computer will be infected hacker will know xpub key in anyway.
2) This vulnerability can fix by checking new generated addresses in computer with showing new address in Trezor screen. For example: we ask to mytrezor.com generate new address for receiving. Site sends new address (path of BIP32) to the Trezor by HID interface, the Trezor knows private seed key, knows path of new generated address it generates same address too and shows it in screen. User checks both addresses and if ok - he uses new address for money receiving. It's ideal solution as i think. Because fishing address will differ completely (very difficult to make quickly even 1-3 prefix or sufix) i think will be enough to check 3-4 letters before (prefix) and 3-4 after (sufix) in addresses.
Now as temporaly workaround for #2 may be as: we have Android phone, install there BTCRceive program from Google market, install there xpub key from one account ( BTCReceive now supports only one xpub key from one account
) and do checking new addresses with Trezor addresses. Both systems have BIP32 wallets and new addresses will equal. I don't know fine program for common OSes with full support of BIP32. So i think it's single workaroud solution now.
P.S. If user uses not infected computer but connected through public network wifi or through hecked router he can be victim by using "middle man" attack. Attacker will decrypt traffic, change receiving address of bitcoin and sent encrypted traffic back to user. Yes, here will be other certificate signed by other secrtificate center for site mytrezor.com. But it can happens without any warnings if browser have certificate of such center in storage. It often happens in airports for example (airport of London for example). So it's not problem for implementation
