It’s great you guys are trying to solve this problem. Isn’t there still a weak link here? For example, I publish a web page that does all the fancy checking and somehow display the tokensale address along with the evidence to the token buyer. *That web page can still be hacked/altered*: hacker simply swaps the good address with another one, and doctors the evidence to match the hacked address.
We almost need the web browser to tell us about possible problems — like when TLS/HTTPS problems are detected by the browser and the browser tells us about it in a conspicuous location off the web page.
We could also have a more standard tool for investing in crowdsales, but that reeks of more centralization/risk.