Well, since the issue was finally closed I will reply here.
I don't understand this example - if the destination is compromised, then
why would there be a need to modify the clipboard? They just capture the
data as is and exfiltrate it - you are hosed, and the Qubes clipboard is
the least of your problems.
At destination there is nothing useful to steal (at least not bitcoins)
the bitcoin address is not useful for the attacker, it is a public
address and private keys are in other uncompromised offline vm.
What the attacker tries to do is replace your address in the clipboard
to other address (controlled by him), in the hope that you paste it to
someone who wants to send funds for you.
I'm agree that the attacker could do a lot of additional things but many
of them are more difficult, prone to fail, prone to cause detection. So
I don't think it is a justification for not having a more secure
clipboard and also easier to use which was the main objective.