Users should be prompted to verify the identity of the key they are signing

Registered by Kaylee Hirsch

Users need to be both warned of the possible insecurities of signing the public key of someone they don't know well and asked to provide some kind of secret information to prove that they really know the person. It has been suggested that we provide a prompt for a secret info phrase and encode that info in the data blob sent for "friending". We then warn the user in scary red (or something equally warning-like) that sending the secret info by email is a BAD IDEA. On a similar note, there should be similar red text warning the user when they choose to sign the key with the highest level of security. We want to scare people away from casually signing at the highest level just because it's easier.

Blueprint information

Status: Not started
Approver: None
Priority: Undefined
Drafter: Kaylee Hirsch
Direction: Needs approval
Assignee: None
Definition: New
Series goal: None
Implementation: Unknown
Milestone target: None
