An application like Xfer could also function, be implemented, without receiving user funds, in which case it would be safer.
How? if Xfer app would act as a API node, users would broadcast transactions to it and it would act as a filter not broadcasting transaction that are deemed to be sent to wrong address.