The SKS network is append-only in aspiration. There is nothing like a Merkle tree stopping a server in the pool (or a MitM) from serving a fake key to a client. The whole point of tlogs is holding systems like that accountable. Also, the section on VRFs of the article addresses precisely the user removal issue.

A single SKS server can not serve a fake key, only a valid key that existed in the past. This might be done to maliciously unrevoke a key. The normal PGP key integrity prevents straight up forgeries.