Yeah, I think that could go a few ways. For embedded (inlined) record data an embedded signature by the authority could go a long way in ensuring the data isn’t tampered with.
{
"$type": "the-location",
"name": "Bob's Burgers",
"signatures": [{"issuer": "did:web:bobs-burgers.com", "signature": {"$bytes": "..."}}]
}