fiveseven: downloading a large chunk of data (not a graph just a single big stream of bytes) where all you have is the hash of the data is tricky to do securely without potentially wasting a huge amount of resources in a DoS-style attack. In a naive approach the attacks get even worse if you're allowed to download the large stream of data from multiple peers (e.g. I want to download a 10GiB zip file using the SHA256 of the zip file from 10 peers).

Folks have been talking about this for a while and there has recently been some progress on this. It's tricky and depends on the hash function used, but it's being explored.

Here's a recent issue from discuss.ipfs.io talking about this https://discuss.ipfs.io/t/cid-concept-is-broken/9733/61.