Here's an interesting article on fraudulent use of Google Adwords to plant key loggers on client systems. It's an example of another crafty way that the criminal community is finding to exploit ambiguity about who you're connecting to. In this case the criminals were passing through a site that installed a key logger on the way to the real site. But it's equally easy to imagine setting up a bona fide phishing site or an entirely fake online store/bank/loan site/trading site to do the same thing.
Enter authenticated identity, AKA Extended Validation. Now when you click on an Adword that appears to be from a business you know, you have better methods of verifying that it's truly that business. And if you get scammed by a site buying Adwords, you will know who to sue. Either way, it's a big win for the end user of Adwords.
It's also a big win for Google, of course. With estimates of the paid search industry falling in the tens of billions of US dollars by 2010, Google and its peers have a lot to lose if consumers stop trusting the safety of these paid links. I hope to see the leading search engines instituting some kind of trusted site mechanism whereby sites with authenticated identities would be indicated as such in the interface, for both paid and natural search. Technologically it's quite feasible. We just need for the search engines to take authentic identity as seriously as their audience -- the people who click on links and go to Web sites -- does.