For the sake of your users' privacy and security, use TLS (or IPSec) and a certificate that identifies your server. Anything sent in the clear is vulnerable to eavesdropping and tampering, whether or not the destination IPv4 address appears to be under your control.
You should make a web site with examples or a report of the kinds of traffic you get. I'd do it, and get a zillion hits on it and probably some press attention, but it's your idea.
You have a really good point.
I still get requests to my dedicated server at Softlayer for the Facebook app which used it before me. I've had the server since mid-2008. Really, this seems like a problem on Facebook's side.
The bigger problem is trying to run a mail server on EC2. You can't, really, as a lot of providers are still doing (stupid) IP based filtering.
Am I the only one who get's frustrated by 'considered harmful' titles? Sorry for being off topic.
EDIT: I'll give you that it's not as bad as the whole (win|fail|this) thing that's becoming popular.