Webwork - 12:19 pm on Dec 30, 2012 (gmt 0)
In theory, I could take any domain I'm the registrant of and upload someone else's info to the domain. All it takes is access to the domain's control panel. Given this I'd likely not loose sleep over the issue of "controlling" the content of the WhoIs.
Where I might loose sleep is if the domain's apparent (false/fraudulent) "ownership" was associated with my identity AND MY credit card or bank account AND I didn't authorize the transaction. :-/
Hope this response makes sense. If anyone wants to correct me about the ability of someone to "fake a WhoIs record" I'm open to the insights or limitations. (I understand email accounts will come into play in my scenario and there are limitations based upon control of non-hacked email accounts AND I understand there are ~rules about the accuracy of WhoIs records that COULD result in the termination of a domain's registration.)