Elysium Pool is releasing a blockchain bootstrap download service

This vulnerability is discussed in detail on the bootstrap page, but it is absolutely worth discussing further. The risk is that the copy of the blockchain could be tampered with for individual users, but could not be tampered with for other users syncing the blockchain from other nodes.

The hash of each block is checked against the blockchain when new nodes sync conventionally peer-to-peer, preventing propagation of “counterfeit” blocks. This hash checking of blocks forms the foundation of blockchain distribution, and is what prevents malicious nodes on the network from trying to distribute counterfeit blockchains. Furthermore, such tampering would be identified in the database during the wallet sync/transaction location process in the wallet module.

TL;DR: We could, theoretically, modify the blockchain for users who download the snapshot from us. Such tampering is completely unable to propagate, however, and would be identified during the wallet sync process.

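The hash checking described in the post above, as an added sketch that is not Elysium's code or part of the original post: it verifies a downloaded bootstrap by walking the parent-hash links and comparing selected block hashes with checkpoint values learned from other nodes. The block layout, the use of SHA-256, and all names and sample data are simplified assumptions; the point it shows is that a file edited and then fully relinked is internally consistent yet still fails the checkpoint comparison.

```python
import hashlib
import json

GENESIS_PREV = "0" * 64  # assumed parent value for the first block

def block_hash(block):
    """SHA-256 over the block's canonical JSON (stand-in for the coin's real hash)."""
    data = json.dumps(block, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()

def build_chain(payloads):  # toy chain: each block commits to its parent's hash
    chain, prev = [], GENESIS_PREV
    for height, payload in enumerate(payloads):
        block = {"height": height, "prev": prev, "payload": payload}
        chain.append(block)
        prev = block_hash(block)
    return chain

def verify_bootstrap(chain, checkpoints):
    """checkpoints: height -> hash learned from independent nodes. Returns (ok, reason)."""
    prev, seen = GENESIS_PREV, set()
    for height, block in enumerate(chain):
        if block["height"] != height or block["prev"] != prev:
            return False, f"broken link at height {height}"
        prev = block_hash(block)
        if height in checkpoints:
            if checkpoints[height] != prev:
                return False, f"checkpoint mismatch at height {height}"
            seen.add(height)
    missing = set(checkpoints) - seen
    if missing:
        return False, f"bootstrap ends before checkpoint {min(missing)}"
    return True, "ok"

# Constructed sample data: a six-block chain and two checkpoint hashes.
HONEST = build_chain([f"tx-batch-{i}" for i in range(6)])
CHECKPOINTS = {3: block_hash(HONEST[3]), 5: block_hash(HONEST[5])}

def edit_block_only(chain):
    """Change one block's contents and leave later links untouched."""
    altered = [dict(b) for b in chain]
    altered[2]["payload"] = "altered"
    return altered

def edit_and_relink(chain):
    """Change one block and recompute every later link (self-consistent file)."""
    payloads = [b["payload"] for b in chain]
    payloads[2] = "altered"
    return build_chain(payloads)
```

A bootstrap that stops short of a known checkpoint is rejected as well, so a truncated file cannot skip the comparison.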