
BGP ttl-security on MPLS circuits?

Cooky

Golden Member
We typically utilize the ttl-security feature when peering w/ our ISP's for Internet circuits.
Does anyone know if using it on an MPLS circuit provides any security benefits?

In theory, only we and the carrier can get to that private VRF.
Or do you still recommend adding it, just in case?
 
Maybe I'm missing something, but I thought that if you didn't have multihop enabled BGP implementations always set the TTL to 1 and required the same on receipt...? If that isn't the case, yes, ttl-security looks like it would end you up with the same level of check, and TTL checking is a very good thing.

In virtual-circuit networks like MPLS, while malicious party access is a consideration, also don't discount the possibility of a carrier misconfiguration. Sometimes things can get accidentally connected, disconnected, misconnected... it sometimes happens. That's unlikely to cause a session to be able to actually come up, though, because the other end's IP address and ASN won't be right.

Also, always use TCP MD5 (or IPsec) to protect your sessions. I have heard some folks complain that remembering keys and keeping both ends configured is hard, and their NOC folks might not all be able to track that info, configure it, and diagnose it. If you can't deal with a static shared key, how can I possibly trust you with the rest of any serious BGP configuration?!
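As an added illustration (not code from any poster in this thread or from any vendor), the following Python simulates the two checks the reply touches on: the receiver-side ttl-security test (GTSM, RFC 5082), using the assumed IOS-style `ttl-security hops N` semantics of accepting only packets whose TTL is at least 255 minus N, and the RFC 2385 TCP MD5 signature computed over a BGP segment. The peer addresses, ports, the partial OPEN payload and the shared key are constructed sample values. The TTL half shows why the check works at all: a sender can never start above 255, so a packet from further away than the configured hop count arrives below the threshold no matter what initial TTL it chose.

```python
"""GTSM TTL check (RFC 5082) and TCP MD5 signature (RFC 2385), simulated.

Added illustration for the thread above, not code from any vendor or project.
Addresses, ports, the BGP payload and the key are constructed sample values.
"""
import hashlib
import hmac
import struct
from ipaddress import IPv4Address

MAX_TTL = 255  # largest value the IPv4 TTL field can carry


def arriving_ttl(initial_ttl: int, routers_crossed: int):
    """TTL the receiver sees after every forwarding router decrements it by one.
    Returns None when the packet is discarded in transit (TTL would reach 0)."""
    if not 1 <= initial_ttl <= MAX_TTL:
        raise ValueError("IPv4 TTL must be 1..255")
    if initial_ttl <= routers_crossed:
        return None
    return initial_ttl - routers_crossed


def gtsm_accept(received_ttl: int, hops: int = 1) -> bool:
    """Receiver check for 'ttl-security hops N' (assumed IOS semantics): accept
    only packets that could not have crossed more than N routers, that is
    received TTL >= 255 - N. A host further away cannot satisfy this."""
    return received_ttl >= MAX_TTL - hops


def tcp_md5_digest(src_ip, dst_ip, src_port, dst_port, seq, ack, flags,
                   window, payload: bytes, key: bytes,
                   options_len: int = 20) -> bytes:
    """RFC 2385 signature: MD5 over the TCP pseudo-header, the fixed TCP header
    with checksum zero and options omitted, the payload, then the shared key.
    The options (the 18-byte MD5 option plus padding) count toward the data
    offset and segment length but are not themselves hashed."""
    header_len = 20 + options_len
    pseudo = struct.pack("!4s4sHH",
                         IPv4Address(src_ip).packed, IPv4Address(dst_ip).packed,
                         6,                          # protocol 6 = TCP, zero-padded to 16 bits
                         header_len + len(payload))  # TCP segment length
    offset_flags = ((header_len // 4) << 12) | (flags & 0x3F)
    tcp_fixed = struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                            offset_flags, window, 0, 0)  # checksum 0, urgent 0
    md5 = hashlib.md5()
    for part in (pseudo, tcp_fixed, payload, key):
        md5.update(part)
    return md5.digest()


def tcp_md5_verify(expected: bytes, **segment) -> bool:
    """Constant-time comparison of the carried signature against a recomputation."""
    return hmac.compare_digest(expected, tcp_md5_digest(**segment))


def demo():
    """Sign a constructed BGP segment, then show that a modified payload or a
    mismatched key no longer verifies. Returns (ok, tampered_ok, wrong_key_ok)."""
    seg = dict(src_ip="192.0.2.1", dst_ip="192.0.2.2", src_port=45000, dst_port=179,
               seq=1000, ack=0, flags=0x18, window=16384,
               payload=b"\xff" * 16 + b"\x00\x1d\x01",  # constructed BGP marker/length/type
               key=b"constructed-shared-key")
    sig = tcp_md5_digest(**seg)
    ok = tcp_md5_verify(sig, **seg)
    tampered_ok = tcp_md5_verify(sig, **{**seg, "payload": seg["payload"] + b"\x00"})
    wrong_key_ok = tcp_md5_verify(sig, **{**seg, "key": b"some-other-key"})
    return ok, tampered_ok, wrong_key_ok


if __name__ == "__main__":
    # Directly connected peer: TTL 255 arrives untouched and passes hops=1.
    print("direct peer:", gtsm_accept(arriving_ttl(255, 0)))
    # A host three routers away sending with TTL 255 arrives at 252 and fails hops=1.
    print("3 routers away:", gtsm_accept(arriving_ttl(255, 3)))
    print("md5 sign/verify:", demo())
```

Note that the MD5 half is the RFC 2385 construction the reply recommends; on a real session the signature rides in TCP option kind 19, and the key never leaves either router. The GTSM threshold uses the vendor's hop-count convention, so adjust `gtsm_accept` if your platform requires exactly 255 for a directly connected peer.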
 