They state that it's impossible to secretly listen in (because that would involve tampering with the data), but then also state that the hub works by converting to classical bits and then retransmitting.
What prevents an attacker from inserting a device that converts to classical bits before retransmitting?
Exactly. The hub itself must be secure and trustworthy for an entirely 'secure' communication route, this won't work across any plain-jane network due to that weakness.
I believe the retransmitted quantum packet would be necessarily different from the original. So the receiving node notices that the packet has been modified, but because it expects the (secure) hub to modify the original, all is well.
clients can only tell that the message they received from the hub was actually from the hub and was not observed by anyone but the hub. there's no way to tell a message from client A to client B wasn't tampered with or observed before the hub delivered it
So if you're supposed to trust all hops on your message, quantum cryptography has no real appreciable improvement over standard digital communications (where the same problem exists).
What prevents an attacker from inserting a device that converts to classical bits before retransmitting?