Thanks to Gregoire Michel for providing this answer (and recommending a fresh post).
Marketo is better system of record than SFDC, because it does a better job in loging the source of the consent. Fills-out form activities in Marketo provide detailed data abut date time, all the values entered AND the ip address. It cannot be tempered with, meaning that it can be used as a proof of consent. In SFDC, depending on the rights, it's almost impossible to guarantee that you will not end up with someone being opt-in without a proof of their consent.
in addition to the reply you copied above, I would add that yes, you can, and probably should, add these fields in SFDC, but you need to make sure they cannot be updated by anyone but a few users and the Marketo sync user and also make them "history fields" so that you can trace any change to these fields, as unauthorized changes could engage the company's responsibility with regards to the GDPR or California's new privacy law.