I am concerned with tampering at the local workstationThen protect it at that level - prevent people from messing with it. It doesn't make much sense to lock one door, if you leave the other door open.
If you still want to do that, write a little md5 checker and use that as wrapper for Mozilla or even build it into Mozilla, you have the source. You'll have to do that yourself, though. Yes, the cracker could replace that checker. That's exactly Mitch's point.
