Well, some comments about the attack you have described. Bazaar has no CLI-way to explore arbitrary revision metadata even for regular branches, not only for merge directives. So if somebody want to harm the project in the way you have described then it's possible to do even today with regular branches. Maybe a bit harder, e.g. you need Linux-based gatekeeper to full around WIndows anti-virus, but anyway it's possible.
Well, some comments about the attack you have described. Bazaar has no CLI-way to explore arbitrary revision metadata even for regular branches, not only for merge directives. So if somebody want to harm the project in the way you have described then it's possible to do even today with regular branches. Maybe a bit harder, e.g. you need Linux-based gatekeeper to full around WIndows anti-virus, but anyway it's possible.