Re: Other Problems
1. git allows signed commits and tags to record the authenticity of a commit. This relies on the SHA-1 for integrity. If you can't trust the SHA-1, you can't trust the signature.
2. with git, you necessarily don't need direct write access to someone's system to mess their data - only the system which they pull from. This could be some cloud service or some self-hosted server.