You can guarantee that the system apps haven't been tampered with, at their system file paths, because of System Integrity Protection. But all bets are off if you make a copy of a system app elsewhere on the disk.
Right, I meant “deep code signature” rather than “executable code signature”, thanks for the correction. I think macOS has a thing where it only checks the former the first time you launch an app and not after that, so you can scribble all over the resources and the system won’t care. Presumably this was thought to not be a big deal, but you showed a pretty good example of how you could launch a data-only attack on the privileges associated with the program :)