
What does this wormhole exactly do? The docs just say it's a secure connection, but how exactly do you interact with it?


it's https://github.com/warner/magic-wormhole

but see in particular https://github.com/warner/magic-wormhole/issues/107 . It uses a static wordlist and by default uses a shared pool of rendezvous servers.

The (an?) author addresses this here https://magic-wormhole.readthedocs.io/en/latest/attacks.html but I think characterizes the attack poorly: it's not important that it's low-probability that an attacker can pull off a MitM transparently, all an attacker needs to do is be able to guess the channel + code words before the receiver receives the message. The default is to only use two code words, so 65536 possibilities. I don't think it would be hard to open 64k connections very quickly, so this seems like an easy-to-win race. Maybe I misunderstand the math.

I don't think wormhole should be used for anything important without a private rendezvous server, and if you have secure access to a private rendezvous server, why bother with wormhole?


That's not how the protocol works. A single failed guess terminates the connection and alerts the sender that an incorrect code was used and someone might be attacking them.

If you are concerned about guessability you can use more than 2 words. You can also use strings that are not in the default word list (the only thing the default word list gives you is tab completions).

edit: Also the "wormhole" spec that keys.pub has is not related to magic-wormhole.


I happily stand corrected on both counts, thanks


I was wondering how these wormholes compare to an SSH tunnel or wireguard.


I find it weird they reused the name "wormhole" without referring to the original "magic wormhole" either in design or credit... Seems like the potential for user confusion is kind of huge there...



