They can hijack the DNS answer to the DoH server, which has to happen if the system doesn’t know where to look, and create a DoS. However, that’s as far as they can go AFAIK. They can’t pretend they are the real server, nor downgrade the connection. And it can be sidestepped by using a direct IP connection.
We use DNS just because lemmy.ml is easier to remember than 54.36.178.108 or 2001:41d0:303:486c::1. DoH can still work by direct IP connection.