IPSec can verify the source of the packet.

    A malicious user could send "I hate you." to Alice anytime.


Only the intended users are able to compute the checksum.
A malicious user cannot forge the checksum.
So IPSec can verify the source of the packet.
Then the malicious packet is rejected.