Ok, so, heres what I propose to make the mods more secure/tamper resistant...

When a user uploads a mod, the files MD5 and SHA1 hash are taken and stored in a database, with the corresponding ID.

When an end user goes to install the mod, a AJAX request is sent out to the central server (or a dedicated VPS depending on how big eoCMS gets ) and contacts a hashserv. The hashserv is a simple PHP script that selects the hashes from the database, and then returns them. Once they have been returned, the JS can check if the file given matches the hashes in the DB - or the hashes can be sent to the hashserv, and it returns a 1/0 depending on a match

What do you think?

Well, sounds a bit more complex than one would think, but it would  certainly help.

So what happens when I install a mod that is not in the mods database.
Or if I make changes to a mod because I want it to do more then it does already?

Upon returning an an error, there will be a confirm box of some sort saying:

Integrity/Security of this mod cannot be verified. If you trust the source of the mod, please press ok, if not, cancel the installation.

I both like and dislike the idea.
As a spin off of it, we could do something on the basis of wordpress and make a plugin installer that can search our modsdb and give a list of the mods and then you could choose to install it from there.  This way you know it is good cause it is from our site.  If you install it manually, do it at your own risk.

It was just another security feature - to make sure the end user is gettting the mod they wanted, and only the mod they wanted.

I know, but at the same time, why should we be responsible for mods?  If we ended up with a lot of mods and a lot of users, it would be hard to keep an accurate database as we would have to go through, test, and check the code for malicious things.  I think most mods are install at your own risk, but if they download one from our site that the admins have approved then they should feel that it is safe.

I thought all mods had to pass approval before being added to the mods DB

They do but people can still download them, there is a warning above stating it has not yet been approved and to use it at their own risk