"It could be fixed in a manner such as I suggested. Cyanogenmod already features functionality to override services on a per app basis. It just needs to be implemented in the standard Android build so it can percolate out into all devices and become the default behaviour."
I totally agree that this *could* be done, but it would then potentially require a change to all apps to react to this, as you design with the assumption that you get what you have asked for as otherwise there's no install. As I said, it's a matter of opinion as to which way you want to go, but it's not an explicitly broken model. It offers controls, and some people don't pay them enough attention. A second layer of confirmation would then introduce annoyances for some while protecting others - it's going to be a matter of personal choice as to which you think is best and in this case they haven't gone with that.
A better solution would be to encourage people to care about the permissions more and, as someone said above, a big problem is permission bloat from lazy developers. I avoid apps with too many permissions, but I can understand that some users start to, as a result, treat permissions in the same way I treat most EULAs. Scrolly scrolly, accepty accepty. Read? Nah. Already have too many of those long things to read.
Unfortunately this is where Google fail massively IMHO. The dev documentation really doesn't stress the benefits of aiming for mimimum possible permissions, big publishers are pretty lax about their own requests so set a bad example, and the market (sorry, Play) doesn't enforce detailed per-description permissions to make devs think about what they're putting in. Google could influence all of these factors. I had a look at PhoneGap the other week and was appalled to see in their getting started guide they just suggest pasting in a massive list of permission requests to the Android manifest! That sort of rubbish really doesn't help keep the permission bloat low.