The chain starts with the maintainer who signs and uploads her packages. That signature is checked against the key that she uploaded when she became an official Debian developer, which was itself verified personally by other Debian developers.
Once the uploaded package is verified as having been signed by the maintainer, an MD5 sum of the package is computed and put in the Packages file. The MD5 sums of all of the Packages files are then computed and put into the Release file. The Release file is then signed by the archive key (the 2003v2 key; see also this announcement and this announcement), which is created once a year and distributed by the FTP server. This key is also on the Debian keyring.
In theory, therefore, the end user, having added the archive key to his keyring, can check that the Release file was signed by the proper key, can check the MD5 sums of all the Packages files, and can check the MD5 sums of all the Debian packages. Previous versions of APT did in fact check the MD5 sums of the Debian packages against those in the Packages file, but went no further up the chain of trust.
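The checksum part of that chain (Release file lists Packages files by MD5 sum and size; Packages file lists .deb files by MD5 sum and size) can be walked with a few dozen lines of code. The following is an added example, not code from APT or from the author of this page: it parses a constructed Release file and a constructed Packages file, verifies the Packages file against the Release entry, verifies a stand-in .deb against its Packages stanza, and shows that a single appended byte breaks the chain. The signature step at the top (checking the Release file against the archive key with gpg) is assumed to have already passed and is not part of the block.

```python
"""Walk the APT Secure checksum chain: Release -> Packages -> .deb.

Added example. All file contents below are constructed for illustration and
are not real Debian archive data. The Release signature check (gpg --verify
on the detached Release.gpg) is assumed to have succeeded before this runs.
"""
import hashlib


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def parse_release(text: str) -> dict:
    """Return {path: (md5, size)} from the 'MD5Sum:' section of a Release file.

    Entries are indented lines of the form ' <md5> <size> <path>'; the
    section ends at the next non-indented top-level field.
    """
    entries, in_section = {}, False
    for line in text.splitlines():
        if line.startswith("MD5Sum:"):
            in_section = True
            continue
        if in_section:
            if not line.startswith(" "):
                in_section = False
                continue
            md5, size, path = line.split()
            entries[path] = (md5, int(size))
    return entries


def parse_packages(text: str) -> list:
    """Return a list of {field: value} stanzas; stanzas are blank-line separated."""
    stanzas, current = [], {}
    for line in text.splitlines():
        if not line.strip():
            if current:
                stanzas.append(current)
                current = {}
            continue
        key, _, value = line.partition(":")
        current[key] = value.strip()
    if current:
        stanzas.append(current)
    return stanzas


def verify_packages_file(release_text: str, packages_bytes: bytes, path: str) -> bool:
    """Step 2 of the chain: the Packages file must match the (signed) Release entry."""
    entry = parse_release(release_text).get(path)
    if entry is None:
        return False  # a Packages file the Release file does not vouch for
    md5, size = entry
    return len(packages_bytes) == size and md5_hex(packages_bytes) == md5


def verify_deb(packages_text: str, filename: str, deb_bytes: bytes) -> bool:
    """Step 3 of the chain: the .deb must match its stanza in the verified Packages file."""
    for stanza in parse_packages(packages_text):
        if stanza.get("Filename") == filename:
            return (int(stanza["Size"]) == len(deb_bytes)
                    and stanza["MD5sum"] == md5_hex(deb_bytes))
    return False


def verify_chain(release_text, packages_bytes, packages_path, filename, deb_bytes) -> bool:
    """Both checksum links must hold; a failure anywhere rejects the .deb."""
    return (verify_packages_file(release_text, packages_bytes, packages_path)
            and verify_deb(packages_bytes.decode(), filename, deb_bytes))


# --- constructed sample archive (hypothetical package name and paths) ---
DEB_BYTES = b"!<arch>\nconstructed stand-in for a .deb payload\n"
DEB_PATH = "pool/main/e/example/example_1.0-1_i386.deb"
PACKAGES_BYTES = (
    "Package: example\n"
    "Version: 1.0-1\n"
    "Architecture: i386\n"
    f"Filename: {DEB_PATH}\n"
    f"Size: {len(DEB_BYTES)}\n"
    f"MD5sum: {md5_hex(DEB_BYTES)}\n"
    "\n"
).encode()
PACKAGES_PATH = "main/binary-i386/Packages"
RELEASE_TEXT = (
    "Origin: Debian\n"
    "Suite: stable\n"
    "MD5Sum:\n"
    f" {md5_hex(PACKAGES_BYTES)} {len(PACKAGES_BYTES)} {PACKAGES_PATH}\n"
)
TAMPERED_DEB = DEB_BYTES + b"x"  # one extra byte: size and MD5 both change

if __name__ == "__main__":
    print("genuine .deb accepted:", verify_chain(RELEASE_TEXT, PACKAGES_BYTES, PACKAGES_PATH, DEB_PATH, DEB_BYTES))
    print("tampered .deb accepted:", verify_chain(RELEASE_TEXT, PACKAGES_BYTES, PACKAGES_PATH, DEB_PATH, TAMPERED_DEB))
```

The point the code makes is the one the text makes: a mirror that alters a Packages file or a .deb cannot keep the sums consistent all the way up to the Release file, so the only way past the check is to replace the Release file with one signed by the archive key, which is exactly the case the page later notes APT Secure does not cover.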
It is useful to note at this point that this work is a separate project from that which seeks to add signatures to the .deb files themselves. APT Secure uses MD5 sums in the Packages files (not signatures on the .debs) to verify the authenticity of the .deb files. More on dpkg-sig can be found here.
In theory, this makes APT vulnerable to a variety of attacks. Suffice it to say that if a malicious person can alter any package, then they can gain full access to the installing machine. Note that APT Secure does not defend against attacks on Debian servers that compromise the key used to sign the Release files.