New nodes download the entire UTXO meta chain (step #2 in the summary I posted earlier). This chain is protected by PoW. That's it. By knowing the accurate UTXO tree fingerprint, they can safely build the UTXO tree.
Ok, I'm convinced. As long as the UTXO meta chain is verified by the system, that's fine. I thought initially that it's a separately maintained data structure. If it's integrated in the Blockchain, in the sense that an invalid utxo would cause the entire Blockchain block to be rejected, then it's fine. In this case you're not adding any principles to rely on, and security is essentially intact as far as I see.