What damage could be done if a malicious certificate had an identical "Subject Key Identifier"?
The Subject Key Identifier does not play a role in validation, at least not in the algorithm which makes up section 6 of RFC 5280. It is meant to be an help for path building, the activity which takes place before validation: this is when the entity who wants to validate a certificate assembles potential certificate chains that will then be processed through the section 6 algorithm. Section 4.2.1.2 describes this extension, and includes this text:
To facilitate certification path construction, this extension MUST appear in all conforming CA certificates, that is, all certificates including the basic constraints extension (Section 4.2.1.9) where the value of cA is TRUE. In conforming CA certificates, the value of the subject key identifier MUST be the value placed in the key identifier field of the authority key identifier extension (Section 4.2.1.1) of certificates issued by the subject of this certificate. Applications are not required to verify that key identifiers match when performing certification path validation.
These "MUST" are obligations on the CA: to conform to the profile which RFC 5280 describes, CA must take care to match the Authority Key Identifier of the certificates it issues to its own Subject Key Identifier. Take note of the last sentence: this match is not part of what validation must verify.
It is recommended by the RFC to compute the key identifier through hashing, because it will minimize collisions, thus guarantee maximum efficiency of this extension for path building. However, hashing is not mandatory. CA can choose the identifier in any way as they see fit; and verifiers certainly do not recompute identifiers. This is pure byte-to-byte equality test. Also, I know as a fact that Microsoft's implementation of path validation is ready to build and try to validate paths where key identifiers do not match.
The worst that a rogue CA could do by reusing key identifiers is to make path building more difficult; this might trigger a kind of denial of service for verifiers who do path building through key identifiers and are too lazy to try otherwise. In practice, verifiers tend to build paths by matching the subject and issuer DN, not the key identifiers, so the practical impact should be close to nil.