Perhaps giving a bit more information than throwing out random acronyms related to SSH would be a bit more fruitful in terms of responses.

What about TOFU and MITM would you like them to respond to? TOFU isn't inherently a bad thing. Neither is MITM. It depends on the threat model, the actors involved, etc.

Your comment (and the snarky followup) imply they're doing something wrong, but it's unclear what.