I agree that the invite links can be made more secure. There is also discussion about this in this thread:
I made some suggestions here that address your concerns and @link2xt described here generating unique QR codes that let you add a “context” which would solve the problem you described:
I think this would be a good feature for Delta Chat to have.
Not really. If you give somebody your number and they send you an SMS later, then you arrive at the same situation where you can’t be sure it’s from the same person just because there is an “opaque number”, unless you already know that person’s number in advance. And you really shouldn’t trust the sender’s number anyway because SMS spoofing lets anyone trivially change the “opaque number” to anything they want. SMS is not a good example of security in this context or any other context I can think of.
For what it’s worth, a Delta Chat account is linked to an email address and an identity key. The app normally hides these details from users for reasons but you can still view a contact’s email address and fingerprint if you want to, and I think the app warns you if a contact’s email address or fingerprint changes, but you would need to ask the experts about this.
The problem is not that anybody can choose whichever name they want, but the limitation of only being able to use one QR code/invite link at a time and not having a way to add a “context” to a QR code/invite link.
An alternative approach to address the problem you described would be if both contacts scan each other’s QR code, instead of just one person scanning the other’s QR code, although the developers don’t favor this approach.