For starters the packages can be signed with GPG. After that, the binaries. Nokia won't allow tampering with the DRM subsystem. Only authenticated resources can access the encrypted storage used for DRM. At least, that is what I understood from the slides.

I'm not sure about the Symbian subsystem being broken by 3rd parties. There are some guides floating around the net for that, but I haven't touched them. If they work these guides can be used by criminals, pirates, hackers (good type) alike...