Someone pointed out that signing a message wouldn't actually solve the all the issues Simon raised. It would stop someone from tampering with a message, but it wouldn't stop someone from replaying a message. You need to take additional steps to protect against that as noted on this thread at Sam Ruby's blog.

However, the real point I was trying to make on behalf of the developers at Microsoft.com who built this prototype service, is that security wasn't really their goal.