Sending transactions to IP addresses should be removed or at least disabled by default.
As has been stated by many members of the community, it is in no way secure. I also believe that it may actually allow an attacker to determine the identify of an operator of a bitcoin node. Example, I send 0.01 BTC to various IPs on the network and record the IP and bitcoin address (a bitcoin address is autogenerated). If I run or have access to the information at one of the Bitcoin exchanges (or run a store/service that accepts bitcoins) I can then tie that IP address to the user of that site/service. In the case of an exchange I could tie that IP to a person’s PayPal or bank account!
Another possible attack is to connect to a target node and initiate an IP transaction. The target will generate a new address, at which point you disconnect and start again. This might be useful as a denial of service attack.