> The protocol is the protocol.

"Bad people" do not follow the protocol. They do whatever the fuck they want to and there is nothing you can do about it.
In security you *NEVER* assume your opponents will follow any rule. That's not security at all.

Anything which is possible mathematically and physically and ins't too expensive *will* be done by your opponents. That's what you assume in security. Act accordingly