Bad for privacy
IP addresses are easily unlinked from identity. Courts have ruled repeatedly that just because some communication happened over an IP address assigned a customer of an IP, it does not mean that customer did those actions or is liable for them. IPs leak location quite accurately, but identity, not so much. IPs are very anonymous still, identity-wise.
difficult for consumers
Agreed, I'm thinking of ways it could be made less difficult. The alternative of emailing attachments or using a relay also have considerable drawbacks.
subject to MITM
Technically yes, but in a practical sense, not really. Aside from disrupting my flow, what could be accomplished with a man in the middle? If an attacker (assuming a 1 party to 1 party payment) intercepted my slate, added their own signature and returned it to me, would I have any way of knowing? Would I unknowingly add the third signature to the slate and broadcast a payment to the attacker? Genuinely wondering.
if you had Igno's IP address
how? Subpoena'ing (spelling) the ISP, going to that address, knocking on the door, and saying, are you igno? Is anyone whose ever signed into your Wifi igno? Have you ever run an open IP relay on this internet? Is anyone who has ever signed into your IP relay who is Igno?
And a MITM could easily add their outputs instead.