I suppose the best way to see if it works would be to run it on yourself.
It doesn't work against one person, it works against all at once. I checked for my name but it wouldn't even weakly match me against anyone above 1 trust rating.
1) Can be reverse engineered
1b) Can be used to impersonate others
On both accounts the answer is: It can, but its always going to happen. You can impersonate people by name, email address, BTC address etc.
2) Overzealus witch-hunting
Again always going to happen but not entertaining it can remove most of the problems. I can also manually recheck unusual links (Ie a suggesting that John K is Theymos, or that BadBear is God).
3) Privacy
Trust lists are public AND they're compiled and posted already. If you feel there is something to hide in your
trust list, then maybe that rating shouldn't be there in the first place.
4) Drama
Anything and everything will lead to more drama.