Thanks! I'd argue intent validation can be done in various forms though, such as an encrypted software wallet or 2FA key (f.e. Blockstream Green).

I think there's actually a lot of room for improvement in address verification, for example signed deposit addresses.

At least for withdrawals, most exchanges nowadays make you confirm the bitcoin address via email, which the user can (and should) check on another device. This is not the case for deposits though. BIP47 payment codes could help with this, but unfortunately have other downsides, like poor light client support.