
I can instantly think of a gazillion ways how this can be abused :D



This is what I immediately thought too. I don't think even NTP servers screamed this much potential for abuse by the time the standards were being drafted. However, I imagine this to use TCP and not UDP (didn't read the whole RFC yet), which mitigates some of the attacks.


Go on....


DNS rebinding attacks are probably one of them.


Browsers will need to update their same-origin policy so that a change in IP address will block same requesting a different site under a different name.


DNS rebinding attacks also work in non-browser environments like SSRF attacks.


This would mean that long-lived single page web apps would need to be hard-refreshed every once in a while when, through no fault of the app developer, all the IP addresses that their domain name resolves to have rotated.



