Rest assured that DFINITY will always be reviewing any SCM proposals!
The reality today is that there is already nothing technically stopping anyone from submitting such proposals. DFINITY itself uses a diverse set of neuron IDs which are not cryptographically verified to be acting on DFINITY’s behalf. So we all have to be on guard for the inevitable eventuality that someone else submits an SCM proposal.
Which leads me to think it’s better to normalize the process which we will need to safeguard the system than to rely on it not happening and being a rare event which catches people off guard.
I also agree that one of the possible trust signals is “do I know who the proposer is”, but given that compromising a “trusted account” is a major vector of cyberattacks today, I would not place too much emphasis on it. When it comes to critical parts of the system, better not to trust & verify.