We are approaching the state where the whole gentoo-x86 tree will have signed Manifests, so a user will be able to validate their copy of the tree. But there is one major piece of unsigned code: eclass/, so an attacker can put fun code on the mirror, affecting a lot of packages this way. PMS says nothing about it.
Bug 64258 already exists for eclass signing.
*** This bug has been marked as a duplicate of bug 64258 ***