I would rather we spend time working to make users' bitcoins safe EVEN IF their bitcoin software is compromised.
Eliminate the "if you get a bad bitcoin-qt.exe somehow you're in big trouble" risk entirely, instead of worrying about unlikely scenarios like a timing attack in between ACKs/pulls. Eliminate one piece of software as the possible single point of failure...
--
--
Gavin Andresen