So the biggest security threat to the blockchain.info wallet, IMO, is someone somehow injecting javascript that snatches your account password.
Should we create a way to tell if the code has been changed or been compromised? It could be as simple as a site called blockchaininfocheck.com, and it would simply download the blockchain.info site to your browser and do an MD5 hash on the relevant javascript that handles the online wallet functionality. It would then compare the generated MD5 to an MD5 of a known good copy of the blockchain site. If the MD5's match, it could tell you and forward you to blockchain.info since it has been deemed safe.
This could also be developed as a browser extension/plugin.
In this way, an attacker would need to compromise the blockchain.info site AND the 3rd-party blockchaininfocheck.com site.
Does something like this already exist?
Discuss.
Totally concur, we desperately need something like this.