It's a bit strange now that one cannot create an arbitrary history with arbitrary timestamps, unless one abuses replication, in which case one can. This is illogical.
A consistent approach could be a new command line option that controls who can set @@timestamp.
Something like --who-can-set-session-timestamp=NOBODY|REPLICATION|SUPER|ANYONE
(here "SUPER" implies "REPLICATION")
Can be set via command-line option only, read-only server variable.
perhaps REPLICATION is unnecessary, and NOBODY|SUPER|ANYONE is enough (if SUPER can abuse REPLICATION to change timestamp anyway).
And system versioning will use @@timestamp and not a separate shadow system time anymore.