Thanks for this. I think it’s more an architecture issue. As the worldstate integrity is not protected in data structure of blockchain (rather, it’s transactions inside blocks that “generate” the worldstate), there’s always a chance to tamper the worldstate. CouchDB just provides a means that I can do demonstration. Think of someone hack into a peer node and do the modification on the worldstate.
Ideally the peer shall not use tampered data once detected. Using endorsing policy like my demonstration is practical but not the best way.
As a comparison, in Ethereum each block contains a root hash of the worldstate. This serves as first protection against state tampering.