@darius To verify accounts associated with a public website (like newspapers or broadcasters):

You could diminish the "harassment" aspect by having the "trust.txt" document actually be a list of *hashed* accounts.

So when you want to verify whether an account is associated with a website, you can check this one-way (without being able to scrape the full trust.txt).