4. Directory service could be modified to enable a MITM attack? Yes This is incorrect, as there is no user directory service at all (and no knowledge of even the number of users), and MITM by servers is not possible by design, even without optional security code verification (that exists to mitigate MITM by the channel you used to pass one-time invitation link, e.g. email).