It's a public accounting of everyone's keys. All participants can review the blockchain to confirm the accuracy of their own public key. Three-letter agencies can't fork the blockchain and replace a key from the perspective of one participant.

It's not a forking attack, it's a selective-lying attack -- a malicious Keybase server could serve up old versions of someone's files, or pretend that e.g. no shared files exist between you and another user even though they do.

Putting everything into Merkle trees with published updating hashes allows clients to catch a malicious server -- if the server wants to lie to someone (without being caught), it has to lie to everyone at once.