Indeed. This situation is likely to be what the GPLv3 is going to address. If you distribute an open source program for a treacherous machine under GPLv3, you not only have to provide the source code, but also a means of ensuring that the recompiled code is usable. Which means that if the binary needs to be signed by trusted keys, then you must also supply a set of trusted keys along with the code so that someone who modifies the code can use the result as well.