Isn't that already a problem with the current system? It's already based on DNS, like almost everything on the internet, just with the extra step of a webserver.
I imagine DNSSEC could solve much of that.
Discussion
Yeah, the current approach is already entirely reliant on DNS security, so OpenAlias would have the same concerns (and solution in DNSSEC) while removing the hosting/infrastructure requirements.