In the short term, the threat model should note the possibility that epub files are altered between the author and the reader, or that a book is distributed claiming to be the authentic work of someone else but with no feasible way to verify it.

In the long term, epub should use package-wide signatures (or some other mechanism) to provide at least the option for authenticity and integrity via PKI.