Yes, exactly. The MD5 hash is stored as a tag in the DNG file (as metadata, in other words). So, as noted above, an adversary can tweak the raw data, recompute the MD5 fingerprint, and update the raw digest tag in the DNG.
Again, the DNG raw digest is designed to help protect against accidental corruption ONLY. It has NO security / authentication powers at all, nor was it intended to.
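
The point of the reply above, as an added example that is not part of the original post: an unkeyed digest stored inside the file catches accidental corruption but not an edit followed by a recomputed tag, while a keyed MAC held outside the file catches both. The dictionary layout, the `raw_digest` field name, the demo key and the sample bytes are constructed stand-ins, not the real DNG structure or digest procedure.

```python
import hashlib
import hmac


def make_file(raw: bytes) -> dict:
    """Constructed stand-in for a DNG: raw data plus an embedded MD5 digest tag."""
    return {"raw": raw, "raw_digest": hashlib.md5(raw).digest()}


def digest_ok(f: dict) -> bool:
    """Reader-side check: recompute MD5 over the raw data, compare with the tag."""
    return hmac.compare_digest(hashlib.md5(f["raw"]).digest(), f["raw_digest"])


def sign(f: dict, key: bytes) -> bytes:
    """Detached HMAC-SHA256 over the raw data; the key never travels with the file."""
    return hmac.new(key, f["raw"], hashlib.sha256).digest()


def mac_ok(f: dict, key: bytes, tag: bytes) -> bool:
    """Verifier-side check against the detached MAC."""
    return hmac.compare_digest(sign(f, key), tag)


def demo() -> dict:
    key = b"constructed-demo-key"          # assumption: secret held by the verifier
    original = make_file(b"\x10\x20\x30\x40" * 4)
    tag = sign(original, key)              # stored separately from the file

    # Accidental corruption: one bit flips in the raw data, digest tag untouched.
    flipped = bytes([original["raw"][0] ^ 1]) + original["raw"][1:]
    corrupted = dict(original, raw=flipped)

    # Deliberate edit: same changed raw data, but the digest tag is recomputed.
    edited = make_file(flipped)

    # Each value is (embedded MD5 check passes, detached HMAC check passes).
    return {
        "original": (digest_ok(original), mac_ok(original, key, tag)),
        "corrupted": (digest_ok(corrupted), mac_ok(corrupted, key, tag)),
        "edited": (digest_ok(edited), mac_ok(edited, key, tag)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```
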