Although PGP-signed Release files prevent tampering with files, the
attack doesn't require tampering with files or tampering with signed
release files. If I were to MitM security.debian.org, I could provide
an outdated (yet properly signed) mirror of the security packages to
you. I would simply supply, via a MitM, a mirror that was not updated,
so that the packages you were getting were valid and signed. They just
are out-dated, so that you would not receive critical security
upgrades.
Following on that attack is the fact that it's easy to join the mirror
network, and once you are in, you can do the same thing as above and
keep your mirror a day or four out of date, so that people who use
your mirror aren't getting updates for issues that enter through the
normal channels. You also have a list of IPs that use your mirror that
don't have these updates.
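The freeze attack described in the post is invisible to signature checking, because a stale Release file is still correctly signed. The only defence on the client side is a freshness check: compare the Release file's Date (and Valid-Until, when the archive sets one) against the local clock. The following script is an added example, not code from the post or from apt; it parses a constructed sample Release body (the field values are made up, not taken from any real mirror) and reports whether the metadata is expired, merely stale, or acceptably fresh. It assumes the text has already been signature-verified (e.g. the body of an InRelease file after gpgv), since a freshness check on an unverified file proves nothing.

```python
"""Detect a frozen (replayed) apt mirror from its signed Release metadata.

Added example: not part of the original post, not apt's own code.
Run it on the already signature-verified Release/InRelease body.
"""
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Constructed sample Release bodies (not captured from a real mirror).
SAMPLE_RELEASE = """\
Origin: Debian
Label: Debian-Security
Suite: stable-security
Codename: bookworm-security
Date: Mon, 01 Jan 2024 12:00:00 UTC
Valid-Until: Mon, 08 Jan 2024 12:00:00 UTC
Architectures: amd64
Components: main
"""

# Same archive, but the mirror operator (or the archive) never set Valid-Until.
SAMPLE_RELEASE_NO_EXPIRY = "\n".join(
    line for line in SAMPLE_RELEASE.splitlines()
    if not line.startswith("Valid-Until:")
) + "\n"


def parse_release(text):
    """Return the top-level 'Field: value' pairs of a Release file.

    Continuation lines (indented, e.g. the hash lists) are skipped; only the
    header fields matter for the freshness decision.
    """
    fields = {}
    for line in text.splitlines():
        if line and not line[0].isspace() and ":" in line:
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
    return fields


def assess_release(text, now, max_age=timedelta(days=2)):
    """Classify Release metadata as 'expired', 'stale' or 'ok'.

    'expired': now is past the archive's own Valid-Until bound.
    'stale':   not expired (or no Valid-Until at all), but older than the
               caller's max_age policy; this is the window a replaying
               mirror lives in, a few days behind but still "valid".
    'ok':      within max_age.
    Returns (verdict, age_in_whole_days).
    """
    fields = parse_release(text)
    # Date/Valid-Until use RFC 2822 format; email.utils handles "UTC"/"+0000".
    issued = parsedate_to_datetime(fields["Date"])
    age = now - issued

    valid_until = fields.get("Valid-Until")
    if valid_until is not None and now > parsedate_to_datetime(valid_until):
        return "expired", age.days
    if age > max_age:
        return "stale", age.days
    return "ok", age.days


def main():
    # Clock values are chosen to exercise each branch; in practice use
    # datetime.now(timezone.utc). Note the dependency on a trustworthy
    # local clock: an attacker who also controls your NTP can hide a replay.
    for label, when in (
        ("one day old", datetime(2024, 1, 2, 12, tzinfo=timezone.utc)),
        ("four days old", datetime(2024, 1, 5, 12, tzinfo=timezone.utc)),
        ("past Valid-Until", datetime(2024, 1, 9, 12, tzinfo=timezone.utc)),
    ):
        print(label, "->", assess_release(SAMPLE_RELEASE, when))
    print("no Valid-Until, eight days old ->",
          assess_release(SAMPLE_RELEASE_NO_EXPIRY,
                         datetime(2024, 1, 9, 12, tzinfo=timezone.utc)))


if __name__ == "__main__":
    main()
```

Two caveats the script makes visible. A Valid-Until bound only limits how long a replay can last; a mirror held "a day or four" behind, as in the post, still passes the expiry check, so the age comparison against your own policy is what actually catches it (apt exposes the same knobs as Acquire::Check-Valid-Until and Acquire::Max-ValidTime). And the check is only as good as the local clock, which is why a freshness policy should be paired with a clock source the same network attacker cannot also replay.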