(For some context for viewers, PackageSetup.py lives in C:\Program Files\Sublime Text and is responsible for installing and upgrading *.sublime-package files)
You're right: PackageSetup will leave any files you (the user) have changed alone, unless they've also been changed in the package, in which case your local changes get nuked. This isn't much fun.
The very first improvement would be to make PackageSetup.py back up any files changed by the user, so worst case nothing is lost. This would be a huge improvement over the situation today.
The next thing that could be done is to try and do a 3-way merge between the old package file, the new package file, and the user's changes. Some (much) earlier versions of Sublime did this (with the assistance of code.google.com/p/google-diff-match-patch/), but that wasn't conservative enough, and would try and merge conflicting changes, resulting in broken files.
Any merging must err on the side of caution in merging nearby changes, otherwise there's a chance that the resulting file won't be valid, and the user will end up with a broken installation - this is even less fun than losing your customisation to that file.
I'm not keen on making PackageSetup work via a version control tool, just because of the added complexity. However, as an individual, there's no reason not to put the C:\Documents and Settings\Application Data\Sublime Text\Packages directory under version control.
Actually, using some sort of VCS as the backbone of PackageSetup may not be a bad idea at all, as long as users are never expected to merge anything manually.
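An added example, not part of the original posts and not Sublime Text's PackageSetup.py code: a file-level version of the conservative behaviour discussed above, where a file changed by both the user and the package is backed up before the new version is installed and no content merge is attempted. The function names, the `.user-backup` suffix and the sample file trees are assumptions made for illustration.

```python
import hashlib

def _digest(data):
    """Hash file content; None stands for 'file absent'."""
    return None if data is None else hashlib.sha256(data).hexdigest()

def plan_upgrade(old_pkg, new_pkg, local):
    """Decide, per file, what an upgrade should do.

    Each argument maps a relative path to the file's bytes:
    old_pkg = previously installed package, new_pkg = incoming package,
    local = what is on disk now (possibly edited by the user).
    """
    plan = {}
    for path in sorted(set(old_pkg) | set(new_pkg) | set(local)):
        base = _digest(old_pkg.get(path))
        theirs = _digest(new_pkg.get(path))
        mine = _digest(local.get(path))
        if mine == theirs:
            plan[path] = "unchanged"            # already what the package ships
        elif mine == base:
            plan[path] = "install_new"          # user never touched it
        elif theirs == base:
            plan[path] = "keep_local"           # only the user changed it
        else:
            plan[path] = "backup_then_install"  # both changed: no merge attempted
    return plan

def apply_upgrade(old_pkg, new_pkg, local, backup_suffix=".user-backup"):
    """Return the upgraded tree; conflicting user files survive as backups."""
    result = dict(local)
    for path, action in plan_upgrade(old_pkg, new_pkg, local).items():
        if action == "backup_then_install" and path in local:
            result[path + backup_suffix] = local[path]
        if action in ("install_new", "backup_then_install"):
            if path in new_pkg:
                result[path] = new_pkg[path]
            else:
                result.pop(path, None)  # file was removed from the package
    return result

# Constructed sample trees (placeholder names, not real package contents).
OLD = {"keys.cfg": b"k1\n", "menu.cfg": b"m1\n", "plugin.py": b"p1\n"}
NEW = {"keys.cfg": b"k2\n", "menu.cfg": b"m1\n", "plugin.py": b"p2\n"}
LOCAL = {"keys.cfg": b"k-user\n", "menu.cfg": b"m-user\n", "plugin.py": b"p1\n"}

if __name__ == "__main__":
    for path, action in plan_upgrade(OLD, NEW, LOCAL).items():
        print(path, "->", action)
```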