Attack on domain verification with BGP hijacking

It's possible to disallow Let's Encrypt from issuing certificates for a domain with CAA records.

Proof of Possession challenges should help here, and are part of the ACME spec, so I'd imagine Let's Encrypt will implement them eventually, once all the edge cases have been figured out.

When it comes to domain-validated certificates, I don't think there's currently any validation mechanism in production at any CA that fully protects against BGP hijacking. In the end, even the more commonly used email validation relies on a TCP/IP connection, which can be hijacked just as easily. That being said, Let's Encrypt is doing more than most (if not all) other CAs to mitigate this to a certain degree by supporting CAA and having plans for PoP challenges.

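As an added illustration of the CAA mechanism the reply points to (this is example code, not from the post or from Let's Encrypt), here is a small evaluator of the RFC 8659 issuance rules: the `ZONE` dict is a constructed stand-in for real DNS lookups so it runs offline, and CNAME/DNAME following and DNSSEC are not modelled.

```python
# Constructed CAA data standing in for DNS lookups: name -> [(flags, tag, value)]
ZONE = {
    "example.com": [(0, "issue", "letsencrypt.org"),
                    (0, "iodef", "mailto:security@example.com")],
    "locked.example.com": [(0, "issue", ";")],          # ";" means no CA may issue
    "wild.example.com": [(0, "issue", "letsencrypt.org"),
                         (0, "issuewild", ";")],         # wildcards barred, plain names OK
    "strict.example.com": [(128, "futuretag", "x")],     # critical tag a CA does not know
}

def relevant_caa(name, zone):
    """RFC 8659 s.3: walk from the name toward the root; the first label
    that has a CAA RRset is the one that applies (CNAME/DNAME not modelled)."""
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        rrset = zone.get(".".join(labels[i:]))
        if rrset:
            return rrset
    return []

def ca_may_issue(name, ca_domain, zone, wildcard=False):
    """Return True if the CA identified by ca_domain may issue for name."""
    rrset = relevant_caa(name, zone)
    if not rrset:
        return True                      # no CAA anywhere up the tree: unrestricted
    # A critical property (flag bit 7 set) the CA does not understand forbids issuance.
    if any(flags & 128 and tag not in ("issue", "issuewild", "iodef")
           for flags, tag, _ in rrset):
        return False
    issue = [v for _, tag, v in rrset if tag == "issue"]
    issuewild = [v for _, tag, v in rrset if tag == "issuewild"]
    # issuewild governs wildcard requests when present; otherwise issue applies to both
    governing = issuewild if (wildcard and issuewild) else issue
    if not governing:
        return True                      # CAA present, but no property of the governing tag
    for value in governing:
        issuer = value.split(";", 1)[0].strip().lower()   # drop any ";key=val" parameters
        if issuer and issuer == ca_domain.lower():
            return True
    return False                         # only ";" or only other CAs were listed
```

Note that CAA is checked by the CA at issuance time over the same network path the reply describes, so it narrows which CA can be tricked rather than removing the hijack risk itself.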