Except verifying outside of Android tells you nothing about whether the application as installed on an actual device has been tampered with, so you don't really gain any security from this.
they could push an update that makes it appear like the author-signed version is on the device, but in reality a different version is run.
they control the keys to the software delivery channel and the operating system. large parts of this are closed source. users and developers trust them and that's just how it is.
that said, it's not pretty and i hope it's just a backwards compatibility stopgap as discussed upthread.