I’ve touched on this before, but it just occurred to me again: Normally, the receiver of a Bitcoin payment can’t trust that everything’s OK just because she sees the transaction (which is signed with the sender’s private key); until she sees the transaction becoming part of the main block chain, there is always the possibility that the sender is cheating by double-spending her coins. However, since only the account owner (who has the private key) can create transactions that withdraw coins from an account, it’s possible to build up trust over time: if Alice has made several payments to Bob in the past, and they all worked out, Bob might start to acknowledge Alice’s transactions before the block chain proves that she didn’t cheat, cutting the delay to almost zero. This would make Bitcoin practical for a number of applications where a half-hour transaction verification time is unacceptable, such as micropayments in peer-to-peer networks.
Using a web of trust or similar, Bob could even start trusting Alice without having to have a personal history with her—she just needs to have a history of non-cheating with someone he already trusts.
Interestingly, if Alice ever does try to double-spend, the conflicting transactions she produces will (when seen together) provide absolute proof of this, so a trust protocol would probably be complemented by a protocol for gathering these proofs of double-spending. Since these proofs don’t rely on trust, they will be effective enough that no account can be used to attempt double-spending more than once.