The problem is that arbitrary users can cause nix to unpack arbitrary nars and edit arbitrary files that user shouldn't have permissions for. The system doesn't have to be configured to trust any particular binary cache. This is just straight up persistent privilege escalation, plain and simple.