A MITM could replace the redirect with malicious content, as described in the blog.