As Bruce Schneier recently pointed out, MITM attacks are now much more common, and likely to become widespread.
Now, if they used that cell phone message to authenticate the exact transaction you are performing, you'll be much more secure.
Of course, if it's too easy to update the cell phone number, all bets are off.
Where's the 'delusional' mod when you need it?
I've got a bad feeling about this.