Are there any similar mechanisms in place or being planned to ensure the SAFE Browser and other binaries that users download have not been compromised?
The immutable nature of the data ensures that if you use the same datamap you will always get the same binary which cannot be altered.
That makes sense for apps which are distributed via the SAFE Network. But what about vetting that first copy of the SAFE Browser?
Indeed something to look into
How many users of firefox bothered to check hashes? I suspect that the majority of users over the long term will do as they do with firefox/chrome and that is trust the source where they got it from.
We could of course have an APP that is highlighted by the account creation process that downloads the latest binaries off the SAFE network. Still not perfect but should help in many cases.
The installers will be signed, and, after the first install, you could use the Safe network itself for updates/upgrades. Once underway, the binary of the network could be extremely safe.
Of course, nothing prevents from doing stupid things.