You have to trust someone and so far Google has shown that it hasn't breached that trust. A standard rule in life is to initially trust someone until it's been broken once.
Perhaps Google is simply waiting for the right, most profitable moment to break everyone's trust...
Protecting the envelope sender protects from bounces being sent to a spoofed sender, though there are other ways to do this on the sender's end.
Potentially SPF, Sender ID and DomainKeys could be used in concert since there are no conflicts between them with the exception of Sender ID's re-use of SPF v1 records that may not have been written with Sender ID's PRA in mind.
Someday somebody has got to decide whether the typewriter is the machine, or the person who operates it.