I'd argue that in order to trust what's in your address bar, you have to have "verification": if you're not sure who's on the other end, you can't trust the address bar. Whether that knowledge comes from a PKI system like browsers use now or an SSH-style system is a separate issue.

Well, you will have to look at the server's key fingerprint, looking at the URL will not be enough.

If you're being MITM attacked, you will still see trusted.example.com in URL bar.

I think you're talking more about someone hijacking a nameserver in that case. The vast majority of MitM attacks are on open networks between the client and the ISP, are they not?