Allan has already declared that he will not change the default makepkg.conf, on the grounds that #2 is the most likely scenario for people getting malicious packages. He also wants everyone to know that updpkgsums and makepkg are perfectly okay with maintainers changing the defaults, people who don't know there are defaults to change are probably not your best bet security-wise, and the only real security is either PGP or strong checksums posted by upstream on a second website. Also, that changing the defaults will encourage a false sense of security when people think that checksums have any validity in authentication.
The only change I can think of would be some way for the PKGBUILD to distinguish between "official" checksums (to defend against all cases) and "unofficial" checksums (to defend against #1 and #3). But that's a matter for arch-dev-public.
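The distinction the post draws, checksums as an integrity check versus PGP as authentication, as an added defender-side lint over PKGBUILD arrays. This is example code written here, not from makepkg, updpkgsums or anyone in the thread; the two PKGBUILD fragments, the example.invalid URLs, the digests and the all-zero fingerprint are constructed placeholders.

```python
import re

# Constructed PKGBUILD fragments (placeholders, not real packages, digests or keys).
WEAK_PKGBUILD = """\
pkgname=example
source=("https://example.invalid/example-1.0.tar.gz"
        "https://example.invalid/example-1.0.tar.gz.sig")
md5sums=('d41d8cd98f00b204e9800998ecf8427e'
         'SKIP')
"""
HARDENED_PKGBUILD = """\
pkgname=example
source=("https://example.invalid/example-1.0.tar.gz"
        "https://example.invalid/example-1.0.tar.gz.sig")
sha256sums=('e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'
            'SKIP')
validpgpkeys=('0000000000000000000000000000000000000000')
"""

STRONG = ("sha256sums", "sha512sums", "b2sums")
WEAK = ("md5sums", "sha1sums")
SIG_EXT = (".sig", ".asc")

def parse_arrays(text: str) -> dict[str, list[str]]:
    """Collect name=( ... ) arrays of quoted items; an array may span several lines."""
    arrays: dict[str, list[str]] = {}
    for m in re.finditer(r"^(\w+)=\(([^)]*)\)", text, re.M):
        arrays[m.group(1)] = re.findall(r"""['"]([^'"]*)['"]""", m.group(2))
    return arrays

def audit(text: str) -> list[str]:
    """Report where the PKGBUILD leans on checksums that cannot authenticate upstream."""
    a = parse_arrays(text)
    sources = a.get("source", [])
    findings: list[str] = []
    sum_arrays = [k for k in a if k.endswith("sums")]
    if not any(k in STRONG for k in sum_arrays):
        findings.append("no strong digest array (sha256sums/sha512sums/b2sums)")
    for k in sum_arrays:
        if k in WEAK:
            findings.append(f"{k}: collision-prone digest; still only an integrity check")
        for src, digest in zip(sources, a[k]):
            # SKIP is normal for the detached signature itself, not for the payload.
            if digest == "SKIP" and not src.endswith(SIG_EXT):
                findings.append(f"{k}: SKIP for {src.rsplit('/', 1)[-1]} (no check at all)")
    has_sig = any(s.endswith(SIG_EXT) for s in sources)
    if has_sig and not a.get("validpgpkeys"):
        findings.append("signature in source= but validpgpkeys is missing or empty")
    if not has_sig:
        findings.append("no upstream signature: digests bind the file to the PKGBUILD, not to upstream")
    return findings
```

Running `audit(WEAK_PKGBUILD)` yields three findings (md5 only, no strong digest, signature fetched but never checked), while the hardened fragment yields none; the lint cannot tell whether the digests were copied from upstream or generated locally, which is exactly the gap the post describes.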