I think Open Transactions may be a hell of an overkill for this. Since a single entity is being invested in, that single entity can be the centralized source that keeps all the ledgers and keeps track of all transactions. It doesn't really matter if they decide to change their system or use a different database, either, since all that they have to store is "Address so-and-so owns so many shares, until we get a BTC signed message to tell us otherwise." And if the company goes down, it won't matter which exchange manages the stocks, since they would be worthless. Admittedly, I am only barely familiar with Open Transactions. I just could never figure out the point of using a second layer to send Bitcoin to someone when you can just send Bitcoin directly. Maybe there is a module in OT that already does most of what I described?
Regarding not being able to change someone's balance, I'm not sure why that is required. A centralized exchange can also arbitrarily change people's balances, though that would not be very, um, nice. And not having restrictions on changing balances means a company that controls the stock can do stock splits etc. without needing permission from everyone.
The point is, yes, there would be a single point of failure, and a single entity to trust, but that point of failure and trust is also the company being invested in, meaning the trust is redundant. If you can't trust the company to do basic accounting, you likely shouldn't trust them with your investment. And to get something like this off the ground, I imagine all that's needed is a simple database, and a not-so-simple front-end.