There is another option, that is to use encryption that is resistant to the man in the middle such as public key encryption. So prior to registering a username and password, a temporary key pair is generated by the users client. The private key is held by the user, the public key is encrypted with saidit's public key and sent to saidit. That means only saidit can decrypt that to retrieve the users public key. The user’s public key is then used to encrypt and send the user a shared encryption key that is used by both sides to encrypt the rest of the traffic after that, which includes the users account registration.

The point of all that, only saidit can link username to ip address and only saidit can know username and password and real world identity, therefore protecting users from the kind of intimidation tactics in retaliation for criticising government. We already seen how the FBI issued search warrants for everyone who responded to a guy on 8chan who commited a murder. How long before they set up some shit like that to incriminate us? We are already on that slippery slope its just a matter of time in my opinion.