I love that I can make changes and proceed to do so in the course of building and installing a PKGBUILD from the AUR. So the PKGBUILDs I usually install aren't cryptographically identical to the package the AUR would provide, rendering any cryptographic signing mechanism useless.
The idea of signing package sources is not to prevent modifying or installing modified packages, nor to verify signatures of built packages.
It would only check that the `*.tar.gz` you received from the AUR has been signed by the maintainer, and thus has not been modified by anyone else in between. Once the sources are verified, it is up to the user to make modifications and build packages. But at least you have certainty about the original PKGBUILD author and the content of the source files.
The official wording about the AUR - unsupported, not to be fully trusted content - means that any AUR helper should notify you of this fact every time you use the AUR and offer you the chance to edit any and all of the files involved.
Any AUR helper will still notify people that they are using unsupported packages and will do exactly the same building process as now.
But users would have the possibility:
1. To verify the author and the content of a package source (if they want and if available).
2. To personally/locally trust a maintainer, hence simplifying package management/updates. (Also see Daniel Micay's answer.)
Regards, ++ Fabien
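The following is an added example, not part of Fabien's post or of any AUR tooling. It models the workflow the post describes in plain Go: the maintainer signs the source tarball, the user verifies that signature on the bytes actually received before extracting anything, and a local edit of the PKGBUILD afterwards is expected to fall outside the signature's scope. Ed25519 over a SHA-256 digest and an in-memory `.tar.gz` stand in for GPG and the real AUR archive; the key pair, the sample PKGBUILD text and the function names are constructed for the illustration.

```go
package main

import (
	"archive/tar"
	"bytes"
	"compress/gzip"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
	"strings"
)

// Constructed sample PKGBUILD, standing in for what a maintainer would upload.
const maintainerPKGBUILD = `pkgname=example
pkgver=1.0
pkgrel=1
source=("https://example.invalid/example-1.0.tar.gz")
sha256sums=('SKIP')
`

// tarGz packs a single PKGBUILD into an in-memory .tar.gz, the shape of an AUR source tarball.
func tarGz(pkgbuild string) ([]byte, error) {
	var buf bytes.Buffer
	gz := gzip.NewWriter(&buf)
	tw := tar.NewWriter(gz)
	hdr := &tar.Header{Name: "example/PKGBUILD", Mode: 0644, Size: int64(len(pkgbuild))}
	if err := tw.WriteHeader(hdr); err != nil {
		return nil, err
	}
	if _, err := tw.Write([]byte(pkgbuild)); err != nil {
		return nil, err
	}
	if err := tw.Close(); err != nil {
		return nil, err
	}
	if err := gz.Close(); err != nil {
		return nil, err
	}
	return buf.Bytes(), nil
}

// signTarball is the maintainer side: sign the SHA-256 digest of the archive bytes.
func signTarball(priv ed25519.PrivateKey, tarball []byte) []byte {
	digest := sha256.Sum256(tarball)
	return ed25519.Sign(priv, digest[:])
}

// verifyTarball is the user side, run before extraction. It fails if the archive
// was altered in transit or was not signed by the key the user chose to trust.
func verifyTarball(trusted ed25519.PublicKey, tarball, sig []byte) error {
	digest := sha256.Sum256(tarball)
	if !ed25519.Verify(trusted, digest[:], sig) {
		return errors.New("signature does not verify: tarball altered or not signed by the trusted maintainer key")
	}
	return nil
}

// extractPKGBUILD reads the PKGBUILD text out of an (already verified) archive.
func extractPKGBUILD(tarball []byte) (string, error) {
	gz, err := gzip.NewReader(bytes.NewReader(tarball))
	if err != nil {
		return "", err
	}
	defer gz.Close()
	tr := tar.NewReader(gz)
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			break
		}
		if err != nil {
			return "", err
		}
		if hdr.Name == "PKGBUILD" || strings.HasSuffix(hdr.Name, "/PKGBUILD") {
			b, err := io.ReadAll(tr)
			if err != nil {
				return "", err
			}
			return string(b), nil
		}
	}
	return "", errors.New("no PKGBUILD in archive")
}

// localEdit is the user's own change after verification; the signature does not cover it.
func localEdit(pkgbuild string) string {
	return pkgbuild + "options=('!strip')\n"
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // hypothetical maintainer key pair
	if err != nil {
		panic(err)
	}
	tarball, err := tarGz(maintainerPKGBUILD)
	if err != nil {
		panic(err)
	}
	sig := signTarball(priv, tarball)
	fmt.Println("received tarball:", verifyTarball(pub, tarball, sig))

	tampered := append([]byte(nil), tarball...) // one byte flipped in transit
	tampered[len(tampered)-1] ^= 0xff
	fmt.Println("tampered tarball:", verifyTarball(pub, tampered, sig))

	pkgbuild, err := extractPKGBUILD(tarball)
	if err != nil {
		panic(err)
	}
	editedTarball, _ := tarGz(localEdit(pkgbuild)) // rebuilt after the user's edit
	fmt.Println("locally edited tarball:", verifyTarball(pub, editedTarball, sig))
}
```

The verification step only ever sees the bytes that arrived from the AUR, so a one-byte change in transit or a signature from a different key is rejected, while the user's own edited copy is simply outside what was signed, which is the distinction the post draws between verifying sources and verifying built or modified packages.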