I also take "precautionary" measures before dealing with unfamiliar skins, but it's much simpler than changing file association: renaming the package by adding a .zip extension to the .rmskin one allows the same thing (removing it allows standard handling by the skin installer). All this without any system-wide change.
The advantage of this approach is that it can be used on an individual basis when needed, while still keeping the ability to quickly double click to install packages one trusts. The disadvantage, it has to be done on any package one doesn't trust. So I suppose it's a question of numbers between them.
That being said, giving control to the user is indeed incompatible with forcing a certain behavior. The thing is, when Rainmeter is reinstalled, it's normally because the user wants to "revert" to that standard handling / behavior, so from that point of view, forcing it doesn't seem like such a big issue anymore (e.g. user complains he can't install skin, advised to reinstall to fix it, complaint still present afterwards). In the end, the user could change .rmskin association like desired after that reinstalling anyway.
Just playing the "devil's advocate" a bit on this one, to cover all angles, that's all. Personally, I would very much dislike forcing a certain file association but only if automatically done
after the program was installed (e.g. automatically when it is opened, like some software do, against user customization in that regard).