For all intents and purposes, they do though. Using as an input that was originally an output sent to an address is practically the same thing as coming from the address itself. It only really breaks down for more complicated transactions.
The problem is that most clients are in control of a ton of addresses. Transactions often will come from a combination of several of the addresses. And the user has no control over which addresses are used. So a user cannot enter what address(es) a transaction will come from before the transaction is sent.
Bitcrypt works around this problem by having the victim enter the address after the transaction is sent. But this also has a problem. The victim can simply go to this page http://blockchain.info/address/1HKCHx1RFhNHuF3NxLviHdrjNFzJb... and watch for when a different victim sends a new transaction to that address. Then the first victim can claim that payment as their own.
The more cryptographic version is to sign a challenge with the private key that allows spending of the bitcoins on that address to prove that you own the address. Or you know, do what most people do and have a unique bitcoin address for each person in order to identify them.
