#mcp is going to need to rediscover all the #security pitfalls of URI invocation that plagued #mobile devices and were ultimately solved through mechanisms to claim authoritative use of URIs to prevent applications from hijacking them.

MCP has two likely weaknesses by design: 1) Tool invocation hijacking (there's a global tool registry indexed by tool names and URI-like namespaces but zero assurance the right tool is bound to that namespace) and 2) Resource hijacking ( represented as URIs)