you're trusting the operator to return the right ip address, and not returning something nefarious. it's definitely not as secure as using the raw address, for example.