This seems perhaps a bit far fetched, or at the least, indicative of preexisting problems. Nevertheless, put it all on the blockchain, what could go wrong???
Adding this to my list of “we tried to increase security by adding something, only to introduce a new problem” examples.
It’s still a net improvement. I care a lot more about preventing Symantec from giving out signing keys to random yahoos than about WordPress needing to change their install procedure to be slightly less convenient.