There are a few challenges with this, namely that as far as I understand releasing a crate right now involves building it, which may involve procedural macros, and in that case it's tantamount to RCE. It'd be nice if such a build system wasn't a terrifying single point of compromise.
I covered some ways to address this, specifically through the use of reproducible builds and scoped credentials, in my Rust Bay Area Meetup talk on Macaroons last year:
https://air.mozilla.org/rust-meetup-february-2017-02-09/
(start at 32:15)