It's worth expanding on that downside: the interaction can be asynchronous, it's not a requirement that the two parties be online at the "same time" or even in the same week.
In other words, less of a downside than it may seem, but it is a real shortcoming since it precludes sending to the equivalent of a cold wallet.
How would an asynchronous transaction work? If you're posting your side of the transaction publicly, doesn't that expose you to a MITM or spoofing attack?
No, the handshake requires the two public keys engaging in the transaction, no one else can complete it.
They can be MITMed by an attacker spoofing the identity, but this is no different from a MITM inserting a different BTC address into a communication stream.
In other words, less of a downside than it may seem, but it is a real shortcoming since it precludes sending to the equivalent of a cold wallet.