What are the security implications of homebrew and macports?
If I am understanding your question correctly, it boils down to:
Homebrew changes the permissions of
/usr/local/binfrom the defaultdrwxr-xr-x root wheelto the less securedrwxrwxr-x myuser admin. What are the risks?
As you point out, your user (or anyone in the admin group, or any virus that manages to run as you) can now install software, including over-writing default system stuff.
How big of a problem is this?
Multi-user system
On a multi-user system like a server where there are other users logged in, this would be a big problem. I don't have access to a Mac, but I assume my linux box is similar enough; /usr/local/bin is empty (nothing to replace) but
$ echo $PATH
/usr/local/bin:/usr/bin:/home/mike/bin:/usr/local/sbin:/usr/sbin
So assuming that other users have the same bash config as me, then it looks in /usr/local/bin first. Therefore I could put a malacious program called ls in /usr/local/bin and the next time someone tries to navigate the filesystem, my code will run inside their user account. The nefarious possibilities are endless.
So I would agree with you that this is a problem on a multi-user server.
Single-user personal computer
For all intents and purposes, there is only one user on your laptop. xkcd illustrates this quite well:
If an attacker / malware / etc has already gotten inside your account, then they have all your data, it's only a matter of time until they keylog you typing your sudo password, so do you really care whether they install further malware in /usr/local/bin or put it in /home/myuser and add that to your path? The end result is the same.