In addition to all the comments pointing out that signing and announcing that only documents signed by you are valid is the way to go and does not depend on Adobe specific hardware (storing a hash - or a copy - locally won't help, though, you have no prove that what you have stored locally is what you sent the customer), here an answer to your original question:
using iTextSharp's SetEncryption method, is the PDF safe against user modification? Even if the user is a programmer? It appears to be but I would like to make sure.
No. Anyone who can open the PDF in a PDF Reader (i.e. the PDF is encrypted only by owner password or by owner password and a known user password), can circumvent encryption. And after the act that person can also re-encrypt. Probably he will use a different owner password, but how can you prove that the owner password you claim to use actually was used in the PDF sent to the user?