Right, those are real issues with the indeed interesting suggestion.
1. The user directory may not yet be mounted. Suppose it's mounted from an encrypted volume, and the password for that volume is the user's password. It's a pretty legitimate use-case and I'm pretty sure many people already do something similar using PAM.
2. The ways a user can mess with the directory under his home are somewhat limited. If the protected directory has at least one file, the user won't be able to delete the directory. However, he can rename it, and create a new one with the same name. Now we can check the permissions of the dir (user can't chown to root), and it shouldn't even be racy thanks to openat calls. The problem is that the account's aging info would be inside that protected directory, so by moving it out of the way the user could cause some trouble with loss of that management data.
Anyway, it may be worth trying more to find some solutions for those problems, maybe by using a slightly different approach. Such discussion is certainly welcome, either here or on the project's mailing lists - see http://code.google.com/p/hardened-shadow/
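The ownership check via openat mentioned in point 2, as an added example that is not part of the original post or of hardened-shadow's code. The function names, the `protected` and `aging` file names and the temp directory are hypothetical; the temp directory stands in for the home directory and the caller's uid stands in for root.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open `name` below the already-open directory `parent_fd`. Succeeds only for a
 * real directory (no symlink) owned by `owner` and not group/other-writable. */
int open_protected_dir(int parent_fd, const char *name, uid_t owner)
{
    struct stat st;
    int fd = openat(parent_fd, name, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    /* fstat() the descriptor, not the path: the answer describes the object
     * we hold, whatever happens to the name afterwards. */
    if (fstat(fd, &st) != 0 || st.st_uid != owner ||
        (st.st_mode & (S_IWGRP | S_IWOTH))) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed scenario in a temp dir standing in for $HOME; the caller's uid
 * stands in for root. Returns a bitmask of the checks that behaved as expected. */
int run_scenario(void)
{
    char home[] = "/tmp/hs-demo-XXXXXX";
    uid_t me = geteuid();
    int res = 0, home_fd, dir_fd, fd;
    if (!mkdtemp(home) || (home_fd = open(home, O_RDONLY | O_DIRECTORY)) < 0)
        return -1;
    mkdirat(home_fd, "protected", 0700);
    dir_fd = open_protected_dir(home_fd, "protected", me);
    if (dir_fd >= 0) res |= 1;                 /* expected owner: accepted */
    if (open_protected_dir(home_fd, "protected", me + 1) < 0) res |= 2; /* other owner: rejected */
    close(openat(dir_fd, "aging", O_WRONLY | O_CREAT | O_EXCL, 0600));
    /* The name is moved away and replaced, here by a symlink (constructed case). */
    if (renameat(home_fd, "protected", home_fd, "moved") == 0 &&
        symlinkat("moved", home_fd, "protected") == 0 &&
        open_protected_dir(home_fd, "protected", me) < 0) res |= 4;     /* replacement: rejected */
    if ((fd = openat(dir_fd, "aging", O_RDONLY | O_NOFOLLOW)) >= 0) res |= 8; /* held fd still works */
    close(fd);
    unlinkat(dir_fd, "aging", 0); unlinkat(home_fd, "protected", 0);
    unlinkat(home_fd, "moved", AT_REMOVEDIR);
    close(dir_fd); close(home_fd);
    rmdir(home);
    return res;
}
```

A descriptor obtained before the rename keeps pointing at the original directory, but any later lookup by name no longer reaches the data in it, which is the loss of management data the post describes.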