[arch-general] pacman security when importing new keys?

Hello, today, pacman asked me to import a new signature key. So far this was done "automatically" using a keys-package, which, itself, was signed with a trusted key. How is the new mechanism secured? Is the new way, to bring keys to users, prone to MITM attacks? Thanks in advance. Manuel