Debian has reproducible builds. What about PureOS?

A bit flip will be detected by a checksum/signature mismatch. A reproduced package matches bit-by-bit.
Of course you may argue - if you are not sure, just build it yourself. Yes, this is Gentoo. However, here it's not about paranoia, just the absence of a mechanism to verify.
If you reproduced the package - you can then verify the sources to figure out whether it has backdoors. With a non-reproducible build you have no such means. Just blind trust. Or rebuild the world. But then - why use this distro?
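The bit-by-bit check described in the post above, as an added example that is not part of the original thread: it compares locally rebuilt files against the `Checksums-Sha256` field of a Debian-style `.buildinfo` file. The package names, file contents and helper names are constructed for illustration, and the `.buildinfo` text is generated inline so the example runs offline.

```python
import hashlib

def parse_checksums(buildinfo: str) -> dict:
    """Return {filename: (sha256_hex, size)} from the Checksums-Sha256 field."""
    entries, in_field = {}, False
    for line in buildinfo.splitlines():
        if line.startswith("Checksums-Sha256:"):
            in_field = True
        elif in_field and line.startswith(" "):
            digest, size, name = line.split()
            entries[name] = (digest, int(size))
        else:
            in_field = False  # any other field ends the multi-line value
    return entries

def verify_rebuild(buildinfo: str, rebuilt: dict) -> dict:
    """Compare rebuilt artifacts ({filename: bytes}) with the recorded digests."""
    results = {}
    for name, (digest, size) in parse_checksums(buildinfo).items():
        data = rebuilt.get(name)
        if data is None:
            results[name] = "missing"
        elif len(data) == size and hashlib.sha256(data).hexdigest() == digest:
            results[name] = "reproduced"
        else:
            results[name] = "mismatch"
    return results

def sample_buildinfo(files: dict) -> str:
    """Build a constructed, minimal .buildinfo-style text for the given files."""
    lines = ["Format: 1.0", "Source: hello", "Checksums-Sha256:"]
    for name, data in files.items():
        lines.append(f" {hashlib.sha256(data).hexdigest()} {len(data)} {name}")
    lines.append("Build-Architecture: amd64")
    return "\n".join(lines) + "\n"

def flip_bit(data: bytes, bit: int) -> bytes:
    """Return a copy of data with a single bit inverted."""
    out = bytearray(data)
    out[bit // 8] ^= 1 << (bit % 8)
    return bytes(out)

# Constructed stand-ins for the packages the distribution published.
PUBLISHED = {"hello_1.0-1_amd64.deb": b"constructed package payload\n" * 64,
             "hello-doc_1.0-1_all.deb": b"constructed docs payload\n" * 16}

def demo() -> dict:
    rebuilt = dict(PUBLISHED)  # a faithful local rebuild ...
    name = "hello-doc_1.0-1_all.deb"
    rebuilt[name] = flip_bit(rebuilt[name], 1234)  # ... except for one flipped bit
    return verify_rebuild(sample_buildinfo(PUBLISHED), rebuilt)
```

A single flipped bit leaves the file size unchanged, so only the digest comparison catches it.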

Not with root privileges.