You say this but I have seen it done in R77.30
Policy Installation Targets set correctly so to go through this then you have too as you say
A) Change the Policy Installation Target on the Policy so that can install the Policy to the Gateway
B) Acknowledge the Message stating that installing a different policy
Person that did it had several years experience of administering Check Point firewalls so it CAN happen.
Found out who did it through the Audit Log and found the actions for the user in question
In R80 then will show up in the AuditLog and look something like this
Subject: Object Manipulation
Operation: Modify Object
Object Type: PoliciesCollection
Performed On: policy_name
Changes: Policy package installation targets: Removed 'FirewallA'; Added 'FirewallB'
Will tell you the Admin as well as the client IP who made the change.
Would suggest that look through the Audit Log and double check that no such entries.