Sending by IP requests a new public key, so yes, it's vulnerable to type 1 man-in-the-middle.
If that's a concern, sending to a Bitcoin address doesn't have that vulnerability,
although there's a small privacy tradeoff.
I have a feeling most of the time people will get Bitcoin addresses off of non-SSL websites and
unsigned cleartext e-mail, which is already vulnerable to type 1 and type 2 through DNS poisoning.
One solution would be to use both the IP and Bitcoin addresses
when sending (maybe 184.108.40.206- 1Kn8iojk...),
where the recipient uses the public key of the Bitcoin address to sign
the new public key to prove that you're sending to who you think you are.
If the system starts to be used for real business purposes, I will certainly implement that.
Another solution is to use SSL.
For now, it's pretty obvious that if you send to an IP, you didn't give any other identifying information
about the recipient, so you're blindly sending to whoever answers that IP.