Really simple. rpm -V should be run as root for the most accurate reports. Specifically, users cannot verify the checksums of files they cannot read. So if you do 'rpm -Va' as a normal user it'll look like many SUID root binaries have been changed. They probably haven't, you just don't have read perms; rpm can't calculate the checksum and warns you because it can't vouch for the checksum.