To what end? The worst case is you could make the client believe there is a new version, then they would attempt to go get it and find none available. This would be annoying and nothing worse. I suppose if there were a known issue, then a man in the middle could somehow prevent you from finding out about the update... but if you have a man in the middle... they could just as easily block ANY DNS activity heading to grc.com and achieve the exact same result.
Also, the apps in the system should not be managing DNS... that is the job of the OS. If the OS supports DNSSEC then so should any app running on it.
@PHolder : And an additional complication is that this would require on-the-fly DNSSEC signing, since these GRC records are not static. Eventually, I'll enjoy mucking around with DNSSEC, but, as you suggest, it's far from the top of my list.