Huh? How is keysigning *packages* a security threat? Sure, signing all outgoing connections from my machine can be a (real life versus technological) security risk, but I cannot agree that not signing packages is some kind of feature.
If you're a hacktivist trying to stay hidden, I don't see how posting *public* builds on Arch would be leading to your goals. In any case, why couldn't it be Arch's key signing packages that go through the buildsystem (and making sure only verified developers submit builds to the system). What I'd like (if I were to consider using Arch) would be to make sure that what I have is what the buildsystem made. I don't think the build system has any notion of anonymity and it would hold no authority (at least to me) if it were anonymous.
If you think that people want an Arch machine to GPG sign all outgoing traffic either people are proposing outlandish signing policies or you're propping up a strawman.