Yeah, if you've already gotten a public key set up (and an account on the target machine), then scp is much easier and completely secure. magic-wormhole is more aimed at situations where you don't yet have that pubkey copied over. Or where your receipient doesn't want to give you an entire account just to receive a single file.
In fact there's a mode (kinda experimental right now) to use magic-wormhole to transfer an ssh pubkey into the ~/.ssh/authorized_keys on a new account. Ideally your site admin should be able to give you access to a new machine with a wormhole code, instead of having you email them a pubkey.
* the network-side attacker gets to see and modify all your data
* the receiver must have a public IP address
* the receiver must tell something to the sender, which is the opposite of the direction the data will flow
* you have to transcribe your IP address and port number to the other person, which I always get wrong (so many meaningless numbers!)
* you don't get much confirmation that all the data arrived, or that it arrived accurately
The wormhole code uses a wordlist that was carefully designed (not by me.. I'm using the PGP wordlist, as used by PGPfone and Zfone) for accurate spoken transcription in noisy environments. So it's more likely that they'll type in the right thing.
