Suppose a person had the software 2.7.12 installed. Is there any method to go back and verify it? I assume the answer is NO because the signature and verification routines always refer to the downloaded installation DMG, not the installed product in the applications direction.
Verify what exactly? That the downloaded file was legit? If so, and you still have the downloaded file... then yes, you can still verify it now.
Have a look through:
http://download.electrum.org/You can see all the old versions of Electrum AND their matching signature files (.asc files) for ALL the OSes/installer types.
For instance, 2.7.12 is here:
http://download.electrum.org/2.7.12/ and you can see the .dmg and .dmg.asc files. Assuming you still have the .dmg that you originally downloaded, you should be able to verify that it is legit by using the .dmg.asc file and GPG.