
Ah, thanks, makes sense! So it's just a bandwidth-saving device - still, sounds quite useful.


It opens the door for more peer-to-peer distribution in the future.

Imagine if every Guix system published their builds (as an opt-out setting). Then even if you modify a package's build options, a few other people might have made the exact same modification and you can download the built artifact from them.


No, because then you have to trust those other people to not build the package maliciously.


Sure, but what's the likelihood they're all compromised? Let's say 3 people have to build it (and publish the hash) before your client will download from one of them.
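The threshold proposed in the last comment, sketched as a client-side check. This is an added example, not part of the thread and not Guix's own code. The attestation tuples, builder ids and derivation name are hypothetical, and it assumes builder ids are authenticated keys belonging to independent parties.

```python
import hashlib
from collections import defaultdict

QUORUM = 3  # "3 people have to build it (and publish the hash)"


def agreed_hash(attestations, derivation, quorum=QUORUM):
    """Return the output hash that at least `quorum` distinct builders
    published for `derivation`, or None when there is no clear agreement."""
    per_builder = defaultdict(set)            # builder id -> hashes it published
    for builder, drv, out_hash in attestations:
        if drv == derivation:
            per_builder[builder].add(out_hash)
    votes = defaultdict(set)                  # output hash -> builders backing it
    for builder, hashes in per_builder.items():
        if len(hashes) == 1:                  # a builder that published two
            votes[next(iter(hashes))].add(builder)  # different hashes gets no vote
    winners = [h for h, backers in votes.items() if len(backers) >= quorum]
    return winners[0] if len(winners) == 1 else None


def accept_artifact(data, attestations, derivation, quorum=QUORUM):
    """Accept downloaded bytes only if their SHA-256 equals the quorum hash."""
    expected = agreed_hash(attestations, derivation, quorum)
    return expected is not None and hashlib.sha256(data).hexdigest() == expected


# Constructed sample data (not real builds or real builders).
GOOD = b"constructed artifact bytes"
BAD = b"constructed tampered bytes"
DRV = "example-pkg-1.0+custom-flags"          # hypothetical derivation id
H_GOOD = hashlib.sha256(GOOD).hexdigest()
H_BAD = hashlib.sha256(BAD).hexdigest()
SAMPLE = [
    ("builder-a", DRV, H_GOOD),
    ("builder-b", DRV, H_GOOD),
    ("builder-b", DRV, H_GOOD),               # repeat from one builder counts once
    ("builder-c", DRV, H_BAD),                # dissenting build
    ("builder-d", DRV, H_GOOD),
]

if __name__ == "__main__":
    print("good artifact accepted:", accept_artifact(GOOD, SAMPLE, DRV))
    print("bad artifact accepted: ", accept_artifact(BAD, SAMPLE, DRV))
```

The count is over distinct builder ids, so the check is only as strong as the assumption that those ids are not controlled by one party.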



