Good solution indeed.
The wallet starts displaying Beam and BeamX only (those are the only “official” ones, with check mark and all). Displaying any other CA (if possible, wallet-wide) would only happen when their ID is explicitly whitelisted somewhere (in the settings, I suppose).
To make it easier for users, entire sets of CAs can be whitelisted at once by selecting some predefined lists of trusted CAs (e.g. the “Beam Team list”, the “BeamAssets.com list”, the “DAO-voted list”, etc.).