Given that this article is about mitigating the risk of someone doing precisely that, I don't think "all bets are off" is a good position to take on that scenario.
To summarize TFA: Let's Encrypt is now verifying domain ownership from multiple data centers. The idea being that if someone tries to MITM the verification process (through BGP hijacking or whatever), it's much harder to do that across the entire internet and go unnoticed than it is to do it on just one network path.