
Comment by upofadown

4 years ago

I recently learned that a cryptographic signing operation on a PDF is more or less bogus due to the complexity of the format. Every once in a while some researchers take a look and find a bunch of new ways to forge such things. I guess the root problem is that you end up signing a whole whack of stuff that you don't see or understand. That isn't ever going to work. I think that in practice you can only sign plain text if you want it to be secure.

So this really isn't any worse than the alternatives, at least for PDFs...