Do keep in mind the prior part that explains why they reuse package IDs and use signing keys that way; F-Droid aims for reproducible builds[0]. They also to my knowledge do respect developers that want a different build ID/package title to be used compared to the "official" version. The F-Droid version of Island for example is called Insular specifically to avoid this issue.

PrivacyGuides' motivations here are really aimed for a specific type of user (and I'll note that it's slightly odd for them to place so much faith in a point of origin that's historically been the easiest to compromise: the upstream developer usually is the easiest target, particularly on otherwise dormant software); the tradeoff F-Droid does might be more worthwhile for most people in that they act more like a linux distro maintainer, so there's a second set of eyes to prevent any shenanigans from being afoot on the upstream.

You can as I understand it run their actual servers rather easily (provided you have the computer space to do so)[1], so solving that is pretty easy, should you feel inclined to do so.

[0]: https://f-droid.org/en/docs/Reproducible_Builds/

[1]: https://gitlab.com/fdroid/fdroiddata contains all the files used to generate their servers, should just be able to combine it with their guide on how to run a buildserver on https://f-droid.org/en/docs/Build_Server_Setup/