Re: Looks sweet ...without the pseudo-security... of lock-in.
First, as to "signing"; its "security" is basically verifying that the original code is from "trusted" (I.E. "authorized") sources, without modification. The problem is that if any code, signed, or not, has these types of inherent flaws... which -IS-, and -HAS BEEN-, the case... time, and time, again... then "signing" simply becomes a means of "locking-in" code distribution, to "authorized"... I.E. "licensed"... software manufacturers. And, frankly, those interests who continually push this ("code signing") the most, actually have a long and very-well documented history of ABUSING, exactly this type of LOCK-IN. As well as, having an absolutely terrible history of releasing, and "signing" such flawed code, over, and over, again. So, there is -no- real "security" there, at all.
In short, flawed, (but, officially-authorized) code -IS- one of the major sources of software security compromises. And, this particular "security" fix [hardware-based STACK Bounds-checking] is aimed directly at protecting against such "flawed code", itself... without allowing a clearly demonstrated platform for further commercial "abuse".
And finally, frankly... based upon all the facts... it is completely nonsensical and offensive to make any assertion that the, vast numbers of highly-experienced, people who have come to oppose such "Signing", and "trusted computing", lock-in... are actually, simply wanting to be able to "steal", and/or compromise, software.